(Not Detected By HJ) Unremovable Worm


  • This topic is locked
23 replies to this topic

#1 Guest_Anton Zabirko_* (Guest)

Posted 06 October 2008 - 08:35 PM

Hello, I have recently acquired a worm through a security hole that was downloaded by shareware (my fault). This worm disabled Task Manager, "Run", Control Panel, "All Programs" on the Start menu, and most links on the right side of the Start menu. From my research, I concluded that this virus (or worm) is a very high danger. It acts like a key-logger, and displays the following message and other pop-ups:

(Yellow Triangle with "!" Mark (Picture))

Title - "Security Warning!"

Message - Worm.Win32.Netbooster detected on your machine. This virus is distributed through the internet via the e-mail and Active-X objects. This worm has its own SMTP engine which means it gathers e-mail and re-distributes them. In worst cases... (Continued)

Skipped a line - "Type" - "Virus"

Skipped a line - "Security Risk" 5/5

Etc. These and several other messages pop up, which lead to a rogue anti-virus known as WebAnti-virus 2008. I have tried scanning with Trend, Spybot S&D, Malwarebytes' Anti-Malware, Kaspersky, and Norton, but they all do NOT detect it. This virus is manually controlled, up to an extent. When I try to download an anti-virus, or any other protection file, it starts bombarding me with pop-ups, slowing the speed dramatically. The same goes for scans. This might be programmed to do that, but it looks like someone is manually controlling it. Also, 3 new icons appeared on my computer labeled "System Error Fixer", "Protect Your Privacy", and "Malware Defender". These files CANNOT be scanned, and I have tried removing them, but they reappear the next time I log on. Can anyone please help me?

Please try to do this quickly. The computer is in danger from the security hole which the worm "protects", and I have to do a scan to remove trojans and other malware which come pouring in.

Note the "VIRUS ALERT!" after the time, and NO, I did not modify it.

Edit - This virus WASN'T detected by every program in the "Preparation Guide" list of anti-malware programs and anti-viruses.

Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23: VIRUS ALERT!, on 10/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\windows\eHome\ehRecvr.exe
C:\windows\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\windows\ARPWRMSG.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: QXK Olive - {012D9FBA-5736-4E91-9798-3C92984D2832} - C:\windows\nkefbltdbve.dll (file missing)
O2 - BHO: (no name) - {013740FD-F416-46CA-B375-014C51723F45} - C:\windows\system32\iifCrrro.dll (file missing)
O2 - BHO: (no name) - {04794FC6-B5CA-4441-8A65-BB40E4778AF7} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14FDB2F4-B48D-45EC-9138-46A07D7E291D} - C:\windows\system32\iifCrrro.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8272D1A8-12F4-4CA5-92ED-4B1598569C41} - C:\windows\system32\iifCrrro.dll (file missing)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: dkwqgnbe - {E96A7638-7DDE-4811-B18A-677BC79F7978} - C:\windows\dkwqgnbe.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\clsaiyas.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/clsaiyas.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: xgpsarbm - {DCAB3B4C-7117-4DB7-89F4-00D5B5A99CF4} - C:\windows\xgpsarbm.dll
O21 - SSODL: neksolda - {3ECF76AB-F56E-4813-80BF-987B143FA8F6} - C:\windows\neksolda.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 12969 bytes

Edited by Anton Zabirko, 06 October 2008 - 08:41 PM.
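
Added note (this is an editor's example, not part of the original post and not HijackThis's or RSIT's own code): the entry classes a helper reads first in a log like the one above are the orphaned BHOs, the random-named DLLs under C:\windows, the O21 ShellServiceObjectDelayLoad entries and the O6/O7 policy lines. The script below applies a few heuristics of my own to HijackThis 2.0.x lines. The severity labels, the "8+ letters directly under the Windows root" rule for dropped DLLs, and treating every O21 SSODL entry as worth review are this example's assumptions, not HijackThis rules; the sample input copies seven lines from the log above and adds two benign entries for contrast.

```python
"""Triage a HijackThis 2.0.x log: flag the line classes that most often carry
malware persistence. The heuristics are this example's own, not HijackThis rules."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the first seven lines are copied from the HijackThis log in the
# post above; the last two are benign entries added so the script has something to skip.
SAMPLE_LOG = """\
O2 - BHO: QXK Olive - {012D9FBA-5736-4E91-9798-3C92984D2832} - C:\\windows\\nkefbltdbve.dll (file missing)
O2 - BHO: (no name) - {04794FC6-B5CA-4441-8A65-BB40E4778AF7} - (no file)
O3 - Toolbar: dkwqgnbe - {E96A7638-7DDE-4811-B18A-677BC79F7978} - C:\\windows\\dkwqgnbe.dll
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O7 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System, DisableRegedit=1
O21 - SSODL: xgpsarbm - {DCAB3B4C-7117-4DB7-89F4-00D5B5A99CF4} - C:\\windows\\xgpsarbm.dll
O21 - SSODL: neksolda - {3ECF76AB-F56E-4813-80BF-987B143FA8F6} - C:\\windows\\neksolda.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
"""

# Every HijackThis entry starts with its section code (R0, O2, O21, ...) and " - ".
ENTRY = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# Registry entry whose target file is gone: harmless on its own, but also exactly what a
# half-removed component leaves behind, so it is worth fixing.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
# A DLL directly in the Windows directory (no vendor sub-folder) whose name is 8+ letters
# and nothing else. Heuristic (assumption of this example, with false positives possible);
# legitimate software almost never drops DLLs there.
ROOT_DLL = re.compile(r"[A-Za-z]:\\windows\\([A-Za-z]{8,})\.dll\b", re.IGNORECASE)

REASON_ORPHAN = "entry points at a file that no longer exists"
REASON_ROOT_DLL = "random-looking DLL loaded from the Windows directory root"
REASON_SSODL = "ShellServiceObjectDelayLoad entry: loaded by Explorer at every logon, rarely used by legitimate software"
REASON_POLICY = "policy restriction set (this is what disables regedit/Task Manager/Control Panel)"


@dataclass(frozen=True)
class Finding:
    severity: str  # "suspicious" (active persistence) or "cleanup" (dead entry)
    reason: str
    line: str


def classify(line: str) -> list[Finding]:
    """Return the findings for one HijackThis line; an empty list means nothing stood out."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    findings: list[Finding] = []
    if ORPHAN.search(body):
        findings.append(Finding("cleanup", REASON_ORPHAN, line))
    # Only the code-loading sections get the path heuristic (BHOs, toolbars, SSODL).
    if kind in ("O2", "O3", "O21") and ROOT_DLL.search(body):
        findings.append(Finding("suspicious", REASON_ROOT_DLL, line))
    if kind == "O21":
        findings.append(Finding("suspicious", REASON_SSODL, line))
    if kind in ("O6", "O7"):
        findings.append(Finding("suspicious", REASON_POLICY, line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Classify every line of a log; active persistence first, dead entries last."""
    out: list[Finding] = []
    for line in log_text.splitlines():
        out.extend(classify(line))
    out.sort(key=lambda f: f.severity != "suspicious")  # stable: keeps log order within a class
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.reason}\n    {f.line}")
```

Run it as-is and it prints the findings for the sample; pass the text of a saved hijackthis.log to triage() for a real run. The point of splitting "cleanup" from "suspicious" is that the orphaned BHO entries are leftovers, while the live O3 toolbar and the two O21 entries with the same style of name are the components still loading at every logon; the O6/O7 policy values are only worth resetting once those are gone, since they are the visible symptom rather than the persistence.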



#2 Farbar (Security Developer, 21,711 posts, The Netherlands)

Posted 08 October 2008 - 04:40 PM

Hi,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Note 1. Please refrain from making any changes to your system from now on, as it might prolong handling your log and make the job for both of us more difficult.
  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

      Note 1: The logs will be created in this folder: C:\rsit

      Note 2: The tool takes no more than one minute to scan the system.
  • Tell me if you have run any other tool other than those you have mentioned.

  • Tell me about the current condition of your computer.


#3 Guest_Anton Zabirko_* (Guest)

Posted 08 October 2008 - 07:23 PM

Hi,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Note 1. Please refrain from making any changes to your system from now on, as it might prolong handling your log and make the job for both of us more difficult.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

      Note 1: The logs will be created in this folder: C:\rsit

      Note 2: The tool takes no more than one minute to scan the system.
  • Tell me if you have run any other tool other than those you have mentioned.

  • Tell me about the current condition of your computer.


Sorry for the quote, it's just so that I don't forget the questions. Here you go, this is "Log":

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-10-08 20:13:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 184 GB (80%) free of 229 GB
Total RAM: 1022 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13: VIRUS ALERT!, on 10/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\windows\eHome\ehRecvr.exe
C:\windows\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\windows\Explorer.EXE
C:\windows\RTHDCPL.EXE
C:\windows\ARPWRMSG.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\My Documents\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: QXK Olive - {012D9FBA-5736-4E91-9798-3C92984D2832} - C:\windows\nkefbltdbve.dll (file missing)
O2 - BHO: (no name) - {013740FD-F416-46CA-B375-014C51723F45} - C:\windows\system32\iifCrrro.dll (file missing)
O2 - BHO: (no name) - {04794FC6-B5CA-4441-8A65-BB40E4778AF7} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {14FDB2F4-B48D-45EC-9138-46A07D7E291D} - C:\windows\system32\iifCrrro.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8272D1A8-12F4-4CA5-92ED-4B1598569C41} - C:\windows\system32\iifCrrro.dll (file missing)
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: dkwqgnbe - {E96A7638-7DDE-4811-B18A-677BC79F7978} - C:\windows\dkwqgnbe.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\clsaiyas.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/clsaiyas.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 12934 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\At1.job
C:\windows\tasks\At10.job
C:\windows\tasks\At11.job
C:\windows\tasks\At12.job
C:\windows\tasks\At13.job
C:\windows\tasks\At14.job
C:\windows\tasks\At15.job
C:\windows\tasks\At16.job
C:\windows\tasks\At17.job
C:\windows\tasks\At18.job
C:\windows\tasks\At19.job
C:\windows\tasks\At2.job
C:\windows\tasks\At20.job
C:\windows\tasks\At21.job
C:\windows\tasks\At22.job
C:\windows\tasks\At23.job
C:\windows\tasks\At24.job
C:\windows\tasks\At25.job
C:\windows\tasks\At26.job
C:\windows\tasks\At27.job
C:\windows\tasks\At28.job
C:\windows\tasks\At29.job
C:\windows\tasks\At3.job
C:\windows\tasks\At30.job
C:\windows\tasks\At31.job
C:\windows\tasks\At32.job
C:\windows\tasks\At33.job
C:\windows\tasks\At34.job
C:\windows\tasks\At35.job
C:\windows\tasks\At36.job
C:\windows\tasks\At37.job
C:\windows\tasks\At38.job
C:\windows\tasks\At39.job
C:\windows\tasks\At4.job
C:\windows\tasks\At40.job
C:\windows\tasks\At41.job
C:\windows\tasks\At42.job
C:\windows\tasks\At43.job
C:\windows\tasks\At44.job
C:\windows\tasks\At45.job
C:\windows\tasks\At46.job
C:\windows\tasks\At47.job
C:\windows\tasks\At48.job
C:\windows\tasks\At5.job
C:\windows\tasks\At6.job
C:\windows\tasks\At7.job
C:\windows\tasks\At8.job
C:\windows\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{012D9FBA-5736-4E91-9798-3C92984D2832}]
QXK Olive - C:\windows\nkefbltdbve.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{013740FD-F416-46CA-B375-014C51723F45}]
C:\windows\system32\iifCrrro.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04794FC6-B5CA-4441-8A65-BB40E4778AF7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14FDB2F4-B48D-45EC-9138-46A07D7E291D}]
C:\windows\system32\iifCrrro.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-28 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8272D1A8-12F4-4CA5-92ED-4B1598569C41}]
C:\windows\system32\iifCrrro.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 691656]
{E96A7638-7DDE-4811-B18A-677BC79F7978} - dkwqgnbe - C:\windows\dkwqgnbe.dll [2008-10-02 212992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"=C:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2006-06-13 16239616]
"AlwaysReady Power Message APP"=C:\windows\ARPWRMSG.EXE [2005-08-02 77312]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-04-09 200704]
"ISUSScheduler"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe -start []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-28 185896]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2007-08-02 95504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-10-06 970808]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"=C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe [2007-05-15 98304]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe -atboottime []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-10-06 497008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"=C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\clsaiyas.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath=C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles/clsaiyas.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe nogui []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1
"NoDispCPL"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=0
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"StartMenuLogOff"=1
"NoToolbarCustomize"=1
"NoDrives"=12
"NoStartMenuMorePrograms"=1
"NoSetFolders"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\3DO\Heroes of Might and Magic®\heroes.exe"="C:\Program Files\3DO\Heroes of Might and Magic®\heroes.exe:*:Enabled:heroes"
"C:\Program Files\3DO\Heroes of Might and Magic®\editor.exe"="C:\Program Files\3DO\Heroes of Might and Magic®\editor.exe:*:Enabled:editor"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe"="C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\Warcraft III1\Warcraft III.exe"="C:\Program Files\Warcraft III1\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\Program Files\WinPcap\rpcapd.exe"="C:\Program Files\WinPcap\rpcapd.exe:*:Disabled:Remote Packet Capture Daemon"
"C:\Program Files\Vale Software\MSDE Manager 5\MSDEManager.exe"="C:\Program Files\Vale Software\MSDE Manager 5\MSDEManager.exe:*:Enabled:MSDE Manager"
"C:\Program Files\Vale Software\MSDE Manager 5\MSDEMgr.exe"="C:\Program Files\Vale Software\MSDE Manager 5\MSDEMgr.exe:*:Enabled:MSDE Manager Connection"
"C:\Program Files\Vale Software\MSDE Manager 5\AutoUpdate.exe"="C:\Program Files\Vale Software\MSDE Manager 5\AutoUpdate.exe:*:Enabled:MSDE Manager Update"
"C:\WINDOWS\system32\service.exe"="C:\WINDOWS\system32\service.exe:*:Enabled:service"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Loader"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent"
"C:\Program Files\BitZip\bitzip.exe"="C:\Program Files\BitZip\bitzip.exe:*:Disabled:bitzip"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Disabled:Kaspersky Anti-Virus"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-08 20:13:05 ----D---- C:\rsit
2008-10-08 16:56:03 ----D---- C:\Program Files\Sun
2008-10-08 16:55:44 ----A---- C:\windows\system32\javaws.exe
2008-10-08 16:55:44 ----A---- C:\windows\system32\javaw.exe
2008-10-08 16:55:44 ----A---- C:\windows\system32\java.exe
2008-10-08 00:10:51 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2008-10-07 15:57:36 ----D---- C:\Program Files\Lavasoft
2008-10-07 15:57:35 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-07 15:56:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-06 15:30:36 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-06 15:30:00 ----D---- C:\Program Files\Trend Micro
2008-10-05 21:27:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-05 21:27:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-05 21:10:57 ----A---- C:\windows\system32\s627b2kQ.exe.a_a
2008-10-05 20:40:15 ----D---- C:\Program Files\Enigma Software Group
2008-10-03 19:52:23 ----HDC---- C:\windows\$NtUninstallKB951978$
2008-10-02 20:26:59 ----D---- C:\windows\Prefetch
2008-10-02 20:23:47 ----HDC---- C:\windows\$NtUninstallKB952954$
2008-10-02 20:23:40 ----HDC---- C:\windows\$NtUninstallKB952287$
2008-10-02 20:23:29 ----HDC---- C:\windows\$NtUninstallKB951748$
2008-10-02 20:23:21 ----HDC---- C:\windows\$NtUninstallKB951698$
2008-10-02 20:23:12 ----HDC---- C:\windows\$NtUninstallKB951376-v2$
2008-10-02 20:23:04 ----HDC---- C:\windows\$NtUninstallKB951376$
2008-10-02 20:22:53 ----HDC---- C:\windows\$NtUninstallKB951066$
2008-10-02 20:22:45 ----HDC---- C:\windows\$NtUninstallKB950974$
2008-10-02 20:22:36 ----HDC---- C:\windows\$NtUninstallKB950762$
2008-10-02 20:22:26 ----HDC---- C:\windows\$NtUninstallKB946648$
2008-10-02 20:22:11 ----HDC---- C:\windows\$NtUninstallKB938464$
2008-10-02 20:16:28 ----D---- C:\windows\system32\scripting
2008-10-02 20:16:27 ----D---- C:\windows\l2schemas
2008-10-02 20:16:26 ----D---- C:\windows\system32\en
2008-10-02 20:16:25 ----D---- C:\windows\system32\bits
2008-10-02 20:13:13 ----D---- C:\windows\ServicePackFiles
2008-10-02 20:04:56 ----HDC---- C:\windows\$NtServicePackUninstall$
2008-10-02 18:06:11 ----SH---- C:\windows\system32\iwuejiud.ini
2008-10-02 18:05:34 ----A---- C:\windows\system32\31147aca-.txt
2008-10-02 17:39:42 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\TmpRecentIcons
2008-10-02 17:39:31 ----A---- C:\windows\fkebanrw.exe
2008-10-02 17:39:31 ----A---- C:\windows\dkwqgnbe.dll
2008-09-30 11:17:55 ----D---- C:\Nexon
2008-09-30 11:17:51 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-29 18:31:26 ----D---- C:\Program Files\Super Mario World
2008-09-28 18:55:40 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-09-28 18:55:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 18:55:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-26 23:22:14 ----A---- C:\windows\system32\J8w2K0jU.exe
2008-09-26 14:46:40 ----A---- C:\windows\mafosav.INI
2008-09-26 14:41:30 ----D---- C:\Buziol Games
2008-09-25 19:23:31 ----A---- C:\windows\system32\ieencode.dll
2008-09-21 12:39:04 ----D---- C:\Program Files\EA GAMES
2008-09-21 12:39:03 ----RA---- C:\windows\system32\vp6vfw.dll
2008-09-21 10:51:55 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-09-21 10:51:49 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-21 10:46:03 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
2008-09-20 22:43:22 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-20 21:26:45 ----D---- C:\KAV
2008-09-20 20:56:49 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-18 19:59:47 ----D---- C:\IE5SETUP
2008-09-18 19:59:38 ----A---- C:\windows\ASLOG.BAK
2008-09-18 19:59:07 ----RA---- C:\windows\ASlog.txt
2008-09-17 18:12:11 ----HD---- C:\TEMP
2008-09-17 18:10:17 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\MSNInstaller
2008-09-15 16:23:51 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
2008-09-15 15:57:20 ----D---- C:\Program Files\AVG
2008-09-14 17:21:53 ----D---- C:\Program Files\PeerGuardian2
2008-09-14 16:54:49 ----DC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-14 16:51:25 ----D---- C:\4825e3c8f66cad1a7b
2008-09-14 16:51:10 ----D---- C:\windows\SxsCaPendDel
2008-09-14 16:40:11 ----RHD---- C:\AHCache
2008-09-14 14:13:23 ----D---- C:\Program Files\StealthBot
2008-09-10 00:27:57 ----HDC---- C:\windows\$NtUninstallKB938464_0$
2008-09-10 00:27:20 ----HDC---- C:\windows\$NtUninstallKB954154_WM11$
2008-09-09 18:22:35 ----A---- C:\windows\system32\system.txt

======List of files/folders modified in the last 1 months======

2008-10-08 19:54:43 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-10-08 16:56:13 ----SHD---- C:\windows\Installer
2008-10-08 16:56:05 ----HD---- C:\Config.Msi
2008-10-08 16:56:03 ----D---- C:\Program Files
2008-10-08 16:55:44 ----D---- C:\windows\system32
2008-10-08 16:55:43 ----D---- C:\Program Files\Java
2008-10-08 16:09:38 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-10-08 15:29:14 ----D---- C:\Program Files\Mozilla Firefox
2008-10-08 14:30:24 ----D---- C:\windows\Temp
2008-10-08 14:28:43 ----AD---- C:\WINDOWS
2008-10-08 14:28:11 ----D---- C:\windows\Registration
2008-10-08 14:27:55 ----D---- C:\windows\system32\CatRoot2
2008-10-08 14:26:09 ----A---- C:\windows\SchedLgU.Txt
2008-10-08 14:23:47 ----D---- C:\windows\system32\CatRoot
2008-10-08 14:22:35 ----HD---- C:\windows\inf
2008-10-08 14:22:26 ----RSHD---- C:\windows\system32\dllcache
2008-10-07 15:57:36 ----D---- C:\windows\system32\drivers
2008-10-07 15:56:29 ----D---- C:\Program Files\Common Files
2008-10-06 15:24:20 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-05 21:53:17 ----A---- C:\windows\WININIT.INI
2008-10-03 17:23:51 ----HD---- C:\windows\$hf_mig$
2008-10-03 00:41:58 ----A---- C:\windows\imsins.BAK
2008-10-03 00:41:51 ----A---- C:\windows\system32\PerfStringBackup.INI
2008-10-03 00:41:07 ----D---- C:\windows\system32\inetsrv
2008-10-02 20:28:21 ----A---- C:\windows\OEWABLog.txt
2008-10-02 20:27:05 ----A---- C:\windows\setuplog.txt
2008-10-02 20:26:28 ----D---- C:\windows\system32\Setup
2008-10-02 20:26:28 ----D---- C:\windows\AppPatch
2008-10-02 20:26:28 ----D---- C:\Program Files\Messenger
2008-10-02 20:26:26 ----D---- C:\windows\system32\wbem
2008-10-02 20:26:25 ----SD---- C:\windows\Fonts
2008-10-02 20:25:32 ----D---- C:\windows\security
2008-10-02 20:20:27 ----RSD---- C:\windows\assembly
2008-10-02 20:17:04 ----D---- C:\windows\WinSxS
2008-10-02 20:16:47 ----D---- C:\windows\network diagnostic
2008-10-02 20:16:47 ----D---- C:\windows\ime
2008-10-02 20:16:47 ----D---- C:\windows\Help
2008-10-02 20:16:29 ----D---- C:\windows\system32\usmt
2008-10-02 20:16:29 ----D---- C:\windows\system32\en-US
2008-10-02 20:16:25 ----D---- C:\windows\PeerNet
2008-10-02 20:16:25 ----D---- C:\Program Files\Movie Maker
2008-10-02 20:12:59 ----D---- C:\windows\system32\Restore
2008-10-02 20:12:59 ----D---- C:\windows\system32\npp
2008-10-02 20:12:59 ----D---- C:\windows\mui
2008-10-02 20:12:56 ----D---- C:\windows\msagent
2008-10-02 20:12:54 ----D---- C:\windows\srchasst
2008-10-02 20:12:53 ----D---- C:\Program Files\NetMeeting
2008-10-02 20:12:51 ----D---- C:\windows\system32\Com
2008-10-02 20:12:48 ----D---- C:\Program Files\Windows NT
2008-10-02 20:12:48 ----D---- C:\Program Files\Outlook Express
2008-10-02 20:12:45 ----D---- C:\Program Files\Common Files\System
2008-10-02 20:12:28 ----D---- C:\windows\system32\oobe
2008-10-02 20:12:25 ----D---- C:\windows\system
2008-10-02 20:08:08 ----D---- C:\windows\system32\ReinstallBackups
2008-10-02 20:04:51 ----AD---- C:\windows\ehome
2008-09-28 18:40:04 ----D---- C:\Program Files\MSN
2008-09-28 00:04:26 ----D---- C:\Program Files\ICQToolbar
2008-09-26 23:35:51 ----SD---- C:\windows\Tasks
2008-09-26 13:28:56 ----D---- C:\Documents and Settings
2008-09-26 00:34:49 ----D---- C:\Program Files\Internet Explorer
2008-09-26 00:14:15 ----D---- C:\windows\Media
2008-09-25 23:51:54 ----D---- C:\downloads
2008-09-25 21:11:39 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-09-24 16:55:03 ----D---- C:\IconTRYOUT
2008-09-23 15:03:31 ----D---- C:\Program Files\ICQ6
2008-09-21 01:06:52 ----D---- C:\WESTWOOD
2008-09-21 01:06:22 ----D---- C:\Program Files\WildTangent
2008-09-21 01:05:08 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-09-20 11:43:05 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-19 22:27:21 ----D---- C:\Program Files\WC3Banlist
2008-09-19 22:23:55 ----D---- C:\gmax
2008-09-19 22:22:29 ----D---- C:\Program Files\WE Unlimited
2008-09-19 22:18:42 ----D---- C:\Program Files\Google
2008-09-19 22:18:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-09-18 20:03:47 ----A---- C:\windows\WIN.INI
2008-09-15 15:49:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-14 17:39:35 ----D---- C:\windows\Microsoft.NET
2008-09-14 16:52:46 ----D---- C:\windows\system32\XPSViewer
2008-09-09 21:05:23 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\windows\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 tmtdi;Trend Micro TDI Driver; C:\windows\system32\DRIVERS\tmtdi.sys [2008-10-06 80400]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2007-05-24 271360]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2007-05-24 18048]
R2 MCSTRM;MCSTRM; C:\windows\system32\drivers\MCSTRM.sys [2007-11-03 8413]
R2 mdmxsdk;mdmxsdk; C:\windows\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tmactmon;tmactmon; \??\C:\windows\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\windows\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\windows\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\windows\system32\DRIVERS\tmpreflt.sys [2008-10-06 36368]
R2 tmxpflt;tmxpflt; C:\windows\system32\DRIVERS\tmxpflt.sys [2008-10-06 205328]
R2 vsapint;vsapint; C:\windows\system32\DRIVERS\vsapint.sys [2008-10-06 1195448]
R3 aracpi;aracpi; C:\windows\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\windows\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\windows\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\windows\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 GEARAspiWDM;GEARAspiWDM; C:\windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 tmcfw;Trend Micro Common Firewall Service; C:\windows\system32\DRIVERS\TM_CFW.sys [2008-10-06 334352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 akx6av7v;akx6av7v; C:\windows\system32\drivers\akx6av7v.sys []
S3 arhidfltr;MS Ar HID Filter Driver; C:\windows\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
S3 dtscsi;dtscsi; C:\windows\System32\Drivers\dtscsi.sys []
S3 EagleNT;EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 HSX_DP;HSX_DP; C:\windows\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
S3 HSXHWBS2;HSXHWBS2; C:\windows\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
S3 MHNDRV;MHN driver; C:\windows\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 nm;Network Monitor Driver; C:\windows\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\windows\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 winachsx;winachsx; C:\windows\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-07 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 ehRecvr;Media Center Receiver Service; C:\windows\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\windows\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2007-12-05 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-10-06 707128]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-04-07 1174152]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-09-18 337160]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2008-10-06 492888]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-10-06 677128]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\windows\system32\fxssvc.exe [2008-04-13 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\windows\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Info

info.txt logfile of random's system information tool 1.04 2008-10-08 20:13:29

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.60 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advanced Batch Converter-->C:\Program Files\Advanced Batch Converter\uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Autodesk Backburner 2008.1-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Creative Media Lite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove
Creative ZEN Stone Plus User's Guide-->"C:\Program Files\Creative\Creative ZEN Stone Plus\UGRemove.exe" /Product_Name:ZENStonePlusUG
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Ewisoft Website Builder (include eCommerce Builder) Version 4.3-->"C:\Program Files\EwisoftWeb\unins000.exe"
FBX Plugin 2009.0 for Max 2009-->C:\Program Files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
ICQ Toolbar-->regsvr32 /u /s "C:\PROGRA~1\ICQTOO~1\toolbaru.dll"
ICQ6-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImageConverter Plus 7.1-->"C:\Program Files\ImageConverter Plus\unins000.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lords of Magic Special Edition-->C:\WINDOWS\IsUninst.exe -fC:\SIERRA\LOMSE\Uninst.isu
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maya 8.5 Personal Learning Edition Documentation (en_US)-->MsiExec.exe /I{6A829DA3-E377-4BC0-938F-F453C6BB3F67}
Maya 8.5 Personal Learning Edition-->MsiExec.exe /I{2D8ECB5E-9F6C-4332-AEE6-0E4EE1DEC926}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft DirectX SDK (June 2007)-->MsiExec.exe /I{BBF84B6A-DA3E-4302-997A-00D5490D70B0}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoImpact X3-->C:\Program Files\InstallShield Installation Information\{15803703-25FA-4C01-A062-3F4A59937E87}\setup.exe -runfromtemp -l0x0409
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.2-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\windows\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{40E12A55-C504-4223-AFAC-7672DBF1ACDE}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Vale Software MSDE Manager-->"C:\Program Files\Vale Software\MSDE Manager 5\unins000.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtools 3D Life Player-->C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 3.7.4-->"C:\Program Files\WinSCP3\unins000.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

======Security center information======

AV: Trend Micro Internet Security
FW: Norton Internet Worm Protection (disabled)
FW: Trend Micro Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin;C:\Program Files\Microsoft DirectX SDK (June 2007)\Utilities\Bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ImageConverter Plus;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DXSDK_DIR"=C:\Program Files\Microsoft DirectX SDK (June 2007)\

-----------------EOF-----------------

I have run - SpyHunter (Very Unwittingly.. removed now), Kaspersky, Norton, Trend IS, Malwarebytes' Anti-Malware, all of the anti-malware and anti-virus programs mentioned in the stickied "Read before Posting HJ Log".

The current condition of my computer is that it is about 3 times slower than usual. Web pages sometimes don't load, and I get pop-ups, which have calmed down. The access on my computer, on the other hand, has decreased dramatically. My internet settings are changed every few hours, I need to manually access the C:\ folder, and I cannot access "Run", "All Programs", or the Control Panel. I also cannot access Task Manager, so I cannot kill any of its processes. Advice would be welcomed.

Thanks
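A small triage helper for the services section of the log above (the `R2 name;display; path [date size]` lines), written as an added example for this thread; it is not code from the log tool or from anyone's reply. It assumes the leading letter means running/stopped and the digit is the start type, assumes a default single-drive XP layout for the trusted directories, and feeds it four lines copied from the log plus one constructed suspicious entry.

```python
"""Triage the services section of a "random's system information tool" log.

Added example for this thread, not part of the tool. It parses the
"R2 name;display; path [date size]" lines and flags the entries an analyst
would want to look at first.
"""
import re
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Tuple

# Constructed sample in the layout of the services section of the log above.
# The first four lines are copied from it; the last one is a constructed entry
# (not from the poster's machine) to show what a hit looks like.
SAMPLE_LOG = r"""
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-10-06 707128]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 MHN;MHN; C:\windows\System32\svchost.exe [2008-04-13 14336]
R2 sysupd;System Update Helper; C:\Documents and Settings\User\Local Settings\Temp\sysupd.exe [2008-10-05 45056]
"""

# Date of the log shown in this thread (info.txt header: 2008-10-08).
LOG_DATE = date(2008, 10, 8)

# One service per line: state letter, start-type digit, name;display; path [date size]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)

# Assumption: a default single-drive Windows XP layout like the poster's.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# A service binary living in a temp or user-profile directory is a red flag.
SUSPECT_FRAGMENTS = ("\\temp\\", "\\documents and settings\\", "\\local settings\\")


@dataclass
class Service:
    running: bool       # assumed: R = running, S = stopped
    start_type: int     # assumed: 2 = automatic, 3 = manual, 4 = disabled
    name: str
    display: str
    path: str
    file_date: date
    size: int


def parse_services(text: str) -> List[Service]:
    """Parse every service line; lines in any other format are ignored."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        services.append(Service(
            running=m["state"] == "R",
            start_type=int(m["start"]),
            name=m["name"].strip(),
            display=m["display"].strip(),
            path=m["path"].strip(),
            file_date=date.fromisoformat(m["date"]),
            size=int(m["size"]),
        ))
    return services


def triage(services: List[Service], log_date: date,
           recent_days: int = 7) -> List[Tuple[Service, List[str]]]:
    """Return (service, reasons) for every entry worth a closer look.

    Heuristics only: a recent file date also fires on software the user just
    installed, so each hit still needs an analyst's judgement.
    """
    findings = []
    for svc in services:
        low = svc.path.lower()
        if low.endswith("\\svchost.exe"):
            # Hosted service: the DLL it loads matters, and this log section
            # does not list it, so svchost itself tells us nothing here.
            continue
        reasons = []
        if any(frag in low for frag in SUSPECT_FRAGMENTS):
            reasons.append("binary in temp or user-profile directory")
        elif not low.startswith(TRUSTED_ROOTS):
            reasons.append("binary outside Windows/Program Files")
        age = (log_date - svc.file_date).days
        if 0 <= age <= recent_days:
            reasons.append(f"file dated {svc.file_date}, within {recent_days} days of the log")
        if reasons and svc.running and svc.start_type == 2:
            reasons.append("running and set to start automatically")
        if reasons:
            findings.append((svc, reasons))
    return findings


if __name__ == "__main__":
    for svc, reasons in triage(parse_services(SAMPLE_LOG), LOG_DATE):
        print(f"{svc.name}: {svc.path}")
        for reason in reasons:
            print(f"    - {reason}")
```

The Trend Micro hit is expected: its files are dated two days before the log because the user had just installed it, which is exactly the kind of benign hit the analyst rules out by hand.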

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:45 AM

Posted 09 October 2008 - 01:17 PM

Thanks for the feedback. Please don't run any scanners until we are done.


Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case eMule, uTorrent, BitTorrent, BitZip). These programs allow users to share files between each other, as the name(s) suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Please download the attached remove.bat file and save it to your desktop. Then doubleclick it to run it.

  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it remove anything it finds, reboot if needed and copy/paste the log to your reply.

  • You have the latest version of Java and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please click "start" and then the "Control Panel" icon.
    Doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java™ 6 Update 3
    Java™ SE Runtime Environment 6 Update 1


    Additional instructions can be found here if needed.

  • I see on the log the DAEMON Tools Toolbar is installed on your computer:

    This program is known to be bundled with spyware. You may read more about it here:
    http://www.castlecops.com/tk54885-DTToolbar_dll.html
    http://vil.mcafeesecurity.com/vil/content/v_133312.htm

    To uninstall DAEMON Tools Toolbar:

    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    DAEMON Tools Toolbar

    Also remove the folder in bold: C:\Program Files\DAEMON Tools Toolbar

  • Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you remove the program if you are not using it.
    If you decide to uninstall it, click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist:

    Viewpoint Media Player.

    Also remove the folder in bold: C:\Program Files\Viewpoint

  • I see you have a Norton product on your computer:
    On the add/remove list: Symantec KB-DocID
    HJT service list: O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    Please let me know if these are remains of an incomplete uninstall or you still use Norton.

  • We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully.

    You have to install the Recovery Console before running the tool because Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Instructions to install Recovery Console:

    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System

    Download the file & save it as it's originally named, next to ComboFix.exe.

    Now close all open windows and programs, including all anti-virus and anti-malware programs, so they do not interfere with the running of ComboFix.
    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please copy and paste the content of C:\ComboFix.txt for further review.

  • Please copy and paste a fresh Hijackthis log to your reply.
Please copy/paste in your next reply:
  • The log of MBAM.
  • Tell me about the Norton.
  • The Combofix log.
  • A fresh Hijackthis log.

Edited by farbar, 09 October 2008 - 01:26 PM.


#5 Guest_Anton Zabirko_*

Guest_Anton Zabirko_*

  • Guests
  • OFFLINE
  •  

Posted 09 October 2008 - 02:49 PM

Ok, after an annoying 2 hours of scanning and removing... Here it is. I have posted all three logs at the bottom of this post.

This is taken from -


Using ComboFix

The first thing you should do is print out this guide as we will close all the open windows and programs, including your web browser, before starting the ComboFix program.

Next you should download ComboFix from one of the following URLs:

* BleepingComputer.com <-------- Note
* ForoSpyware.com
* GeeksTogo.com

To download ComboFix, simply left-click on one of the links above and if you are using Internet Explorer, you will see a prompt similar to the figure below.

When I use the first link, this message appears -



Website blocked by Trend Micro Internet Security

This Web page has been identified as Dangerous.

What you can do:
For your own safety, please close this web browser window now and never return to this website.
If you still want to see this blocked page:


1. Launch Trend Micro Internet Security console.
2. Click Internet & Email Controls.
3. Click the Settings... link under Protection Against Web Threats.
4. Click the Approved websites link in the next window that opens.
5. Copy and paste the address of the blocked website into the list.



Note: If you think this website should not be blocked, please notify Trend Micro by clicking this button:

Copyright © 1995-2008 Trend Micro Incorporated


All the other links work, so I think someone might have put spyware into this.

As for the Norton, I got it a year ago, it came with my computer, and I decided to buy it. I used the two year, but my antivirus was acting strange, so I decided to delete it. This happened right about a few days before the worm.

The funny thing is, Kaspersky was deleted from my computer WITHOUT me doing so. I had left for work, and when i returned, there was no Kaspersky in any folder, even when i checked in "Add or Remove Programs". I also couldn't download any Anti-Virus software up until 3 days ago.

I have run daily scans with Bytes' and this is the first time it has found any alerts or other trojans. I have followed your instructions carefully, and my computer is a bit faster, but it is still slower than usual.

HIJACK THIS LOG (1/3)
__________________________________________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:11 PM, on 10/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\windows\eHome\ehRecvr.exe
C:\windows\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\windows\RTHDCPL.EXE
C:\windows\ARPWRMSG.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\svchost.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\HP\KBD\KBD.EXE
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10547 bytes

__________________________________________________________________________________________________________________________________

MALWAREBYTES' ANTI-MALWARE LOG (2/3)

__________________________________________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.28
Database version: 1226
Windows 5.1.2600 Service Pack 3

10/9/2008 2:58:38 PM
mbam-log-2008-10-09 (14-58-38).txt

Scan type: Quick Scan
Objects scanned: 59159
Time elapsed: 12 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 16
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{697ade27-3e86-48d5-86f8-4c3939580427} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{32b8b395-310a-47e6-b5ad-b75370b92f5d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e96a7638-7dde-4811-b18a-677bc79f7978} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dkwqgnbe.btsq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dkwqgnbe.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{e96a7638-7dde-4811-b18a-677bc79f7978} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76487-OEM-0011903-00803) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\s627b2kQ.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\fkebanrw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\dkwqgnbe.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Favorites\Malware Defender.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Favorites\Protect Your Privacy.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Favorites\System Error Fixer.url (Rogue.Link) -> Quarantined and deleted successfully.

__________________________________________________________________________________________________________________________________

COMBOFIX/SP2 SCAN LOG (3/3)

__________________________________________________________________________________________________________________________________

ComboFix 08-10-08.05 - HP_Administrator 2008-10-09 15:11:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.516 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Anton\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\windows\IE4 Error Log.txt
C:\windows\system32\iwuejiud.ini
C:\windows\system32\TDSSerrors.log
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.

2008-10-09 15:02 . 2008-10-09 15:02 <DIR> d-------- C:\WINDOWS\system32\Service
2008-10-09 10:40 . 2008-10-09 13:50 <DIR> d-------- C:\Program Files\World of Warcraft
2008-10-08 20:13 . 2008-10-08 20:13 <DIR> d-------- C:\rsit
2008-10-08 16:56 . 2008-10-08 16:56 <DIR> d-------- C:\Program Files\Sun
2008-10-08 00:10 . 2008-10-08 00:10 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2008-10-07 15:57 . 2008-10-07 15:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-07 15:57 . 2008-10-07 16:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-07 15:56 . 2008-10-07 15:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-06 15:31 . 2008-10-06 15:14 50,192 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-10-06 15:31 . 2008-10-06 15:14 49,680 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-10-06 15:30 . 2008-10-06 21:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-06 15:30 . 2008-10-06 15:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-06 15:14 . 2008-10-06 15:14 1,195,448 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
2008-10-06 15:14 . 2008-10-06 15:14 661,808 --a------ C:\WINDOWS\system32\UfWSC.cpl
2008-10-06 15:14 . 2008-10-06 15:14 334,352 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-10-06 15:14 . 2008-10-06 15:14 205,328 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-10-06 15:14 . 2008-10-06 15:14 80,400 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
2008-10-06 15:14 . 2008-10-06 15:14 36,368 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-10-06 15:05 . 2008-10-06 15:14 144,912 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-06 15:03 . 2008-10-06 15:07 <DIR> d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2008-10-05 21:27 . 2008-10-06 15:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-05 21:27 . 2008-10-06 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-05 20:40 . 2008-10-05 20:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-02 20:16 . 2008-10-02 20:16 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-02 20:16 . 2008-10-02 20:16 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-02 20:16 . 2008-10-02 20:16 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-02 20:16 . 2008-10-02 20:16 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-02 20:13 . 2008-10-02 20:13 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-30 11:17 . 2008-10-02 23:26 <DIR> d-------- C:\Nexon
2008-09-30 11:17 . 2008-09-30 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-29 18:31 . 2008-09-29 19:16 <DIR> d-------- C:\Program Files\Super Mario World
2008-09-28 18:55 . 2008-09-28 18:55 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 18:55 . 2008-09-28 18:55 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-09-28 18:55 . 2008-09-28 18:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 18:55 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 18:55 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 00:57 . 2008-09-27 00:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\ICQ Toolbar
2008-09-26 23:22 . 2008-09-26 23:21 30,272 --a------ C:\WINDOWS\system32\J8w2K0jU.exe
2008-09-26 14:46 . 2008-09-29 17:56 160 --a------ C:\WINDOWS\mafosav.INI
2008-09-26 14:41 . 2008-09-29 19:15 <DIR> d-------- C:\Buziol Games
2008-09-26 13:28 . 2008-09-26 13:36 <DIR> d-------- C:\Documents and Settings\owner
2008-09-25 23:07 . 2008-09-25 23:07 <DIR> d--hs---- C:\Documents and Settings\HP_Administrator\PrivacIE
2008-09-25 19:23 . 2008-04-13 20:11 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-09-21 12:39 . 2008-09-25 23:32 <DIR> d-------- C:\Program Files\EA GAMES
2008-09-21 12:39 . 2004-08-18 05:17 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-09-21 10:51 . 2008-09-22 16:19 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-21 10:46 . 2008-09-21 10:46 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
2008-09-20 22:43 . 2008-09-20 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-20 21:26 . 2008-09-20 21:26 <DIR> d-------- C:\KAV
2008-09-20 20:56 . 2008-09-20 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-18 20:03 . 2008-09-18 20:02 4,353 --a------ C:\WINDOWS\reg16x2.E01
2008-09-18 20:03 . 2008-09-18 20:03 774 --a------ C:\WINDOWS\win.E03
2008-09-18 20:03 . 2007-11-05 22:05 227 --a------ C:\WINDOWS\system.E03
2008-09-18 20:02 . 2008-09-18 20:02 4,353 --a------ C:\WINDOWS\reg16x2.E00
2008-09-18 20:02 . 2008-09-18 20:02 768 --a------ C:\WINDOWS\win.E02
2008-09-18 20:02 . 2007-11-05 22:05 227 --a------ C:\WINDOWS\system.E02
2008-09-17 18:12 . 2008-09-25 23:53 <DIR> d--h----- C:\TEMP
2008-09-17 18:10 . 2008-09-28 18:40 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MSNInstaller
2008-09-15 16:23 . 2008-09-15 16:23 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
2008-09-15 15:57 . 2008-09-15 15:57 <DIR> d-------- C:\Program Files\AVG
2008-09-14 17:21 . 2008-09-28 18:42 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-09-14 16:54 . 2008-09-14 16:54 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-14 16:51 . 2008-09-14 21:33 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-14 16:51 . 2008-09-14 16:52 <DIR> d-------- C:\4825e3c8f66cad1a7b
2008-09-14 16:40 . 2008-09-14 16:40 <DIR> dr-h----- C:\AHCache
2008-09-14 14:13 . 2008-09-19 22:20 <DIR> d-------- C:\Program Files\StealthBot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 19:22 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-10-09 18:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-09 18:56 --------- d-----w C:\Program Files\Java
2008-10-09 14:57 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-10-09 14:13 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-10-06 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-28 04:04 --------- d-----w C:\Program Files\ICQToolbar
2008-09-23 19:03 --------- d-----w C:\Program Files\ICQ6
2008-09-21 14:46 717,296 ----a-w C:\windows\system32\drivers\sptd.sys
2008-09-21 05:06 --------- d-----w C:\Program Files\WildTangent
2008-09-21 05:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2008-09-20 02:27 --------- d-----w C:\Program Files\WC3Banlist
2008-09-20 02:22 --------- d-----w C:\Program Files\WE Unlimited
2008-09-20 02:18 --------- d-----w C:\Program Files\Google
2008-09-15 19:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-10 01:05 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-09-08 21:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-08 21:25 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-09-05 05:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\vlc
2008-09-05 03:52 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-05 03:29 --------- d-----w C:\Program Files\VideoLAN
2008-08-30 18:27 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Vale Software
2008-08-30 18:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vale Software
2008-08-30 18:26 --------- d-----w C:\Program Files\Vale Software
2008-08-30 18:26 --------- d-----w C:\Program Files\Common Files\WinMain
2008-08-30 18:10 --------- d-----w C:\Program Files\EwisoftWeb
2008-08-30 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\EwisoftWeb
2008-08-27 20:32 --------- d-----w C:\Program Files\7-Zip
2008-08-25 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-08-24 21:57 --------- d-----w C:\Program Files\Blender Foundation
2008-08-24 21:57 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Blender Foundation
2008-08-24 15:18 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\gtk-2.0
2008-08-21 00:01 --------- d-----w C:\Program Files\Yahoo!
2008-08-21 00:00 --------- d-----w C:\Program Files\Sonic
2008-08-21 00:00 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-08-21 00:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 23:58 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-08-19 23:52 --------- d-----w C:\Program Files\GIMP-2.0
2008-08-18 00:03 --------- d-----w C:\Program Files\WinPcap
2008-08-12 19:11 --------- d-----w C:\Program Files\Warcraft III
2008-08-12 19:11 --------- d-----w C:\Program Files\Units
2008-08-12 19:11 --------- d-----w C:\Program Files\UI
2008-08-09 00:27 --------- d-----w C:\Program Files\TVAnts
2008-01-05 08:18 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-04-29 04:28 3,930 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2006-10-03 05:43 2,402,550 ------w C:\windows\inf\SET69.tmp
2006-10-03 05:43 2,402,550 ------w C:\windows\inf\SET2C8.tmp
2004-08-09 21:00 1,431,144 ----a-w C:\windows\inf\SETDC.tmp
2004-08-09 21:00 1,431,144 ----a-w C:\windows\inf\SET33B.tmp
2007-05-16 00:05 22 --sha-w C:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 21686568]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-09-01 173304]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-10-06 497008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-10-06 970808]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-10-06 497008]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-10-25 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-25 27136]

C:\Documents and Settings\Anton\Start Menu\Programs\Startup\
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-25 27136]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-25 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2006-04-13 05:05 90112 c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 17:01 67584 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-09-01 11:08 173304 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-28 12:12 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Autodesk\\Maya 8.5 Personal Learning Edition\\bin\\maya.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\WinPcap\\rpcapd.exe"=
"C:\\Program Files\\Vale Software\\MSDE Manager 5\\MSDEManager.exe"=
"C:\\Program Files\\Vale Software\\MSDE Manager 5\\MSDEMgr.exe"=
"C:\\Program Files\\Vale Software\\MSDE Manager 5\\AutoUpdate.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader
"6881:TCP"= 6881:TCP:*:Disabled:Blizzard Downloader
"6883:TCP"= 6883:TCP:*:Disabled:Blizzard Downloader
"6882:TCP"= 6882:TCP:*:Disabled:BitTorrent
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\windows\system32\DRIVERS\usb8023.sys [2008-04-13 12800]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8519905-072E-374F-38A4-F9611BD7564A}]
C:\Program Files\Bifrost\msnplus.exe s
.
Contents of the 'Scheduled Tasks' folder

2008-06-07 C:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{012D9FBA-5736-4E91-9798-3C92984D2832} - C:\windows\nkefbltdbve.dll
BHO-{013740FD-F416-46CA-B375-014C51723F45} - C:\windows\system32\iifCrrro.dll
BHO-{04794FC6-B5CA-4441-8A65-BB40E4778AF7} - (no file)
BHO-{14FDB2F4-B48D-45EC-9138-46A07D7E291D} - C:\windows\system32\iifCrrro.dll
BHO-{8272D1A8-12F4-4CA5-92ED-4B1598569C41} - C:\windows\system32\iifCrrro.dll
HKCU-Run-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
HKCU-RunOnce-FFTI - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\clsaiyas.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe
HKLM-Run-ISUSPM Startup - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
HKLM-Run-PCDrProfiler - (no file)
MSConfigStartUp-Acrobat Assistant 8 - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-DISCover - C:\Program Files\DISC\DISCover.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\QTTask.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\clsaiyas.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 15:21:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\hp\KBD\kbd.exe
.
**************************************************************************
.
Completion time: 2008-10-09 15:31:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-09 19:31:00

Pre-Run: 186,393,235,456 bytes free
Post-Run: 186,302,947,328 bytes free

325 --- E O F --- 2008-10-09 15:15:52

Thanks!

#6 Farbar (Security Developer, The Netherlands)

Posted 09 October 2008 - 05:17 PM

The current condition of my computer is about three times slower than usual. Web pages sometimes don't load, and I get pop-ups, which have calmed down. The access on my computer, on the other hand, has decreased dramatically. My internet settings are changed every few hours, I need to manually access the C:\ folder, and I cannot access "Run", "All Programs", and the Control Panel. I also cannot access Task Manager, so I cannot kill any of his processes. Advice would be welcomed.


Well done. As you can see, the rogue, malware and worm had taken over your computer for a while. The problems you mentioned should have been resolved, but we still have some work to do, so there are some more annoying scans to run.
  • You still have some leftovers from an incompletely uninstalled Norton Antivirus on your computer.

    To remove the leftovers please download and run the Norton Removal Tool.

    Warning: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer. If you use ACT! or WinFAX, back up those databases before you proceed.

  • Please download ATF Cleaner by Atribune & save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main "Select Files to Delete" choose: Select All.
    • Click the Empty Selected button.
    • If you use Firefox browser click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera browser click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
    Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

  • Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Please click this link--> virustotal

    Click the Browse button and navigate to the files listed below in bold, then click Send File. You will only be able to have one file scanned at a time. If the file has been analyzed before, click the Reanalyse File Now button.

    C:\WINDOWS\system32\J8w2K0jU.exe
    C:\WINDOWS\system32\vp6vfw.dll
    C:\windows\inf\SET69.tmp
    C:\Program Files\Bifrost\msnplus.exe

    Please post back the results of the scan in your next post.

  • Please run RSIT, set the list of Files/Folders created to 2 Months, and copy/paste the content of log.txt into your reply (this time RSIT creates just one log).
Please copy/paste in your next reply:
  • The scan result of virustotal.
  • The RSIT log.


#7 Guest_Anton Zabirko_* (Guest)

Posted 10 October 2008 - 03:58 PM

File J8w2K0jU.exe received on 10.10.2008 22:36:24 (CET)
Result: 27/36 (75%)

Antivirus Version Last Update Result
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.10 TR/Crypt.ULPM.Gen
Authentium 5.1.0.4 2008.10.10 W32/Heuristic-USU!Eldorado
Avast 4.8.1248.0 2008.10.10 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.10 Downloader.Tiny.H
BitDefender 7.2 2008.10.10 GenPack:Trojan.Downloader.Firu.I
CAT-QuickHeal 9.50 2008.10.10 Win32.Packed.NSAnti.r
ClamAV 0.93.1 2008.10.10 -
DrWeb 4.44.0.09170 2008.10.10 Trojan.Inject.3812
eSafe 7.0.17.0 2008.10.08 Suspicious File
eTrust-Vet 31.6.6139 2008.10.09 Win32/Vxidl!generic
Ewido 4.0 2008.10.10 -
F-Prot 4.4.4.56 2008.10.10 W32/Agent.BP.gen!Eldorado
F-Secure 8.0.14332.0 2008.10.10 Trojan-Downloader.Win32.Firu.atg
Fortinet 3.113.0.0 2008.10.10 Adware/XPProtector
GData 19 2008.10.10 GenPack:Trojan.Downloader.Firu.I
Ikarus T3.1.1.34.0 2008.10.10 Trojan-Downloader.Firu.H
K7AntiVirus 7.10.490 2008.10.10 -
Kaspersky 7.0.0.125 2008.10.10 Trojan-Downloader.Win32.Firu.atg
McAfee 5402 2008.10.09 New Malware.bj
Microsoft 1.4005 2008.10.10 Trojan:Win32/Bohmini.A
NOD32 3513 2008.10.10 a variant of Win32/TrojanDownloader.Firu
Norman 5.80.02 2008.10.10 W32/Smalldoor.CPBN
Panda 9.0.0.4 2008.10.10 Trj/Agent.JWR
PCTools 4.4.2.0 2008.10.10 -
Prevx1 V2 2008.10.10 Cloaked Malware
Rising 20.65.42.00 2008.10.10 Trojan.PSW.Win32.GameOL.qmf
SecureWeb-Gateway 6.7.6 2008.10.10 Trojan.Crypt.ULPM.Gen
Sophos 4.34.0 2008.10.10 Mal/HckPk-A
Sunbelt 3.1.1708.1 2008.10.10 Trojan-Downloader.Firu.I
Symantec 10 2008.10.10 -
TheHacker 6.3.1.0.106 2008.10.10 -
TrendMicro 8.700.0.1004 2008.10.10 PAK_Generic.001
VBA32 3.12.8.6 2008.10.09 Trojan-Downloader.Win32.Firu.acg
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.10 -
Additional information
File size: 30272 bytes
MD5...: 7aea02f599396f4a24f529a901f672e3
SHA1..: 70934347897a311e724d9e400ddab217fce09e77
SHA256: 9640a14258e2fe4c240a574bec855501978a3c123339469d58ae9346814f6605
SHA512: b87b443d609693d425f4336e8d77da802f39ef2ac443e2b179acff9ff39a1ce01c4049601fae16376e7e9d8da6f29bb72c421632ef03f40b0ef174ccd5897484
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40cd90
timedatestamp.....: 0x48d4168c (Fri Sep 19 21:15:56 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6000 0x7000 0x7000 7.98 1639294c03bc3dd55d936a956dd5c5ae
.rsrc 0xd000 0x1000 0x200 2.64 3609e5f961643c902c6555eea9d3b805

( 2 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: SetSecurityDescriptorDacl

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp...1D95F00AEFD7C45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File vp6vfw.dll received on 10.10.2008 22:42:41 (CET)
Result: 0/36 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.10 -
Authentium 5.1.0.4 2008.10.10 -
Avast 4.8.1248.0 2008.10.10 -
AVG 8.0.0.161 2008.10.10 -
BitDefender 7.2 2008.10.10 -
CAT-QuickHeal 9.50 2008.10.10 -
ClamAV 0.93.1 2008.10.10 -
DrWeb 4.44.0.09170 2008.10.10 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6139 2008.10.09 -
Ewido 4.0 2008.10.10 -
F-Prot 4.4.4.56 2008.10.10 -
F-Secure 8.0.14332.0 2008.10.10 -
Fortinet 3.113.0.0 2008.10.10 -
GData 19 2008.10.10 -
Ikarus T3.1.1.34.0 2008.10.10 -
K7AntiVirus 7.10.490 2008.10.10 -
Kaspersky 7.0.0.125 2008.10.10 -
McAfee 5402 2008.10.09 -
Microsoft 1.4005 2008.10.10 -
NOD32 3513 2008.10.10 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.10 -
PCTools 4.4.2.0 2008.10.10 -
Prevx1 V2 2008.10.10 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.10 -
Sophos 4.34.0 2008.10.10 -
Sunbelt 3.1.1708.1 2008.10.10 -
Symantec 10 2008.10.10 -
TheHacker 6.3.1.0.106 2008.10.10 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.10 -
Additional information
File size: 442368 bytes
MD5...: 4d6f38d3cda2d0ba502bc1c499a622cf
SHA1..: c7311880115cda18eae9a00bedc1b5081bb6c5b7
SHA256: 9daf000174e50a511ce98a6014baf7839f2578150e2c63dd005c297a8201302c
SHA512: 719c1f476b0895ada3e8b58745f351583748a6eef706f4362d4e2441e2e983b8a8fe1578d8437a47ac899451177d455db415a4a91108ca58f5581b1df7173716
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1003b485
timedatestamp.....: 0x3f7c8caf (Thu Oct 02 20:38:07 2003)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4d24f 0x4e000 6.75 bb86fcc270c1139081d105792d34da56
.rdata 0x4f000 0x5db8 0x6000 4.97 0e423d8ab4d4fa34ff37231393cc3d80
.data 0x55000 0x2465c 0x5000 4.97 f63164720bd8862cd8667f3334e2a508
TORQ_CX_ 0x7a000 0x5000 0x5000 0.09 ead29a5646a36c4413c5a7b8842f02da
WILK_DX_ 0x7f000 0xa0 0x1000 0.23 7df2883cfeca5509620ac5b02a356aeb
.rsrc 0x80000 0x83b8 0x9000 3.72 2f575ace40b651bedf32aace391f02c8
.reloc 0x89000 0x2e4a 0x3000 5.58 e337de07355064c8b097826678e09b0a

( 7 imports )
> WINMM.dll: timeGetTime, DefDriverProc
> VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> KERNEL32.dll: FindFirstFileA, FindNextFileA, FindClose, GetStringTypeW, GetStringTypeA, GetLocaleInfoA, DeleteFileA, GetModuleHandleA, GetModuleFileNameA, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, LCMapStringW, QueryPerformanceCounter, QueryPerformanceFrequency, Sleep, RtlUnwind, GetCurrentThreadId, GetCommandLineA, GetVersionExA, HeapAlloc, HeapFree, ExitProcess, HeapReAlloc, GetProcAddress, TerminateProcess, GetCurrentProcess, HeapSize, GetLastError, WriteFile, EnterCriticalSection, LeaveCriticalSection, CloseHandle, ReadFile, TlsAlloc, SetLastError, TlsFree, TlsSetValue, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, UnhandledExceptionFilter, InterlockedExchange, VirtualQuery, VirtualAlloc, IsBadWritePtr, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, SetStdHandle, FlushFileBuffers, CreateFileA, InitializeCriticalSection, MultiByteToWideChar, VirtualProtect, GetSystemInfo, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetACP, GetOEMCP, GetCPInfo, LoadLibraryA, SetEndOfFile, LCMapStringA
> USER32.dll: EnableWindow, SetDlgItemInt, CheckDlgButton, MessageBoxA, DialogBoxParamA, SendMessageA, DestroyWindow, PostMessageA, CreateDialogParamA, ShowWindow, EndDialog, SetDlgItemTextA, GetDlgItemTextA, SetWindowLongA, GetDlgItem, GetWindowLongA, SendDlgItemMessageA, GetDlgItemInt
> GDI32.dll: CreateFontA, SelectObject, CreateBitmap, SetBkColor, SetTextColor, GetStockObject, CreateCompatibleDC, DeleteDC, DeleteObject, GetPixel, SetBkMode, BitBlt, ExtTextOutA
> comdlg32.dll: GetOpenFileNameA
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, RegCreateKeyExA, RegCloseKey

( 1 exports )
DriverProc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File SET69.tmp received on 10.10.2008 22:45:12 (CET)
Result: 0/36 (0.00%)
Antivirus Version Last Update Result
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.10 -
Authentium 5.1.0.4 2008.10.10 -
Avast 4.8.1248.0 2008.10.10 -
AVG 8.0.0.161 2008.10.10 -
BitDefender 7.2 2008.10.10 -
CAT-QuickHeal 9.50 2008.10.10 -
ClamAV 0.93.1 2008.10.10 -
DrWeb 4.44.0.09170 2008.10.10 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6139 2008.10.09 -
Ewido 4.0 2008.10.10 -
F-Prot 4.4.4.56 2008.10.10 -
F-Secure 8.0.14332.0 2008.10.10 -
Fortinet 3.113.0.0 2008.10.10 -
GData 19 2008.10.10 -
Ikarus T3.1.1.34.0 2008.10.10 -
K7AntiVirus 7.10.490 2008.10.10 -
Kaspersky 7.0.0.125 2008.10.10 -
McAfee 5402 2008.10.09 -
Microsoft 1.4005 2008.10.10 -
NOD32 3513 2008.10.10 -
Norman 5.80.02 2008.10.10 -
Panda 9.0.0.4 2008.10.10 -
PCTools 4.4.2.0 2008.10.10 -
Prevx1 V2 2008.10.10 -
Rising 20.65.42.00 2008.10.10 -
SecureWeb-Gateway 6.7.6 2008.10.10 -
Sophos 4.34.0 2008.10.10 -
Sunbelt 3.1.1708.1 2008.10.10 -
Symantec 10 2008.10.10 -
TheHacker 6.3.1.0.106 2008.10.10 -
TrendMicro 8.700.0.1004 2008.10.10 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.10.1416 2008.10.10 -
VirusBuster 4.5.11.0 2008.10.10 -
Additional information
File size: 2402550 bytes
MD5...: 0c308738379ffa5c150adb8be2ed088d
SHA1..: a728831d57986633214543fd34afb47ef9ad5c14
SHA256: 2306b6284797139aee71d4bea7b95d6912b5693af87763d368067efe16a28a51
SHA512: cadfa80bb04f72b52a21d7e830b479cb5763bcf72fe3948f318c21ac057d963c07c2f9e295c7508e224580508ff02288d3b1fc54fb53cef946afb782ef73ef09
PEiD..: -
TrID..: File type identification
Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
PEInfo: -
packers (F-Prot): Unicode
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0 bytes size received / An empty file was received

This one (for some reason) won't load; the previous message is what is shown after I load it in...

What is RSIT?
Do I still have the first file? If so, please tell me how to delete it...

Thanks!
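
The two reports above differ in more than the detection count. J8w2K0jU.exe carries the marks of a UPX-packed binary: a UPX0 section with rawdsiz 0x0 whose MD5 (d41d8cd98f00b204e9800998ecf8427e) is simply the MD5 of empty input, a UPX1 section with entropy 7.98 out of a possible 8.0, and an import table cut down to LoadLibraryA/GetProcAddress/VirtualProtect/VirtualAlloc, which is all an unpacking stub needs to resolve the real imports at runtime. vp6vfw.dll, by contrast, is a plainly compiled VC++ DLL with a 2003 timestamp, a full import table and a DriverProc export, and no engine flagged it. The following Python script is an added example, not part of the thread or of any tool used in it: it parses report excerpts in the flat vendor/version/date/result layout pasted above into a detection ratio, and applies those packing heuristics to section tables in the report's layout. The excerpts are constructed from the values in the post (the vp6vfw.dll import list is a short slice of the real one), and the entropy threshold of 7.5 and the "eight imports or fewer" bound are assumptions, not VirusTotal's rules.

```python
import hashlib
import re

# Constructed excerpt of a VirusTotal text report in the layout pasted above:
# "vendor version last-update result", where "-" means no detection.
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
AhnLab-V3 2008.10.10.1 2008.10.10 -
AntiVir 7.8.1.34 2008.10.10 TR/Crypt.ULPM.Gen
Avast 4.8.1248.0 2008.10.10 Win32:Trojan-gen {Other}
ClamAV 0.93.1 2008.10.10 -
Kaspersky 7.0.0.125 2008.10.10 Trojan-Downloader.Win32.Firu.atg
NOD32 3513 2008.10.10 a variant of Win32/TrojanDownloader.Firu
Symantec 10 2008.10.10 -
"""

# Constructed section tables in the report's "( n sections )" layout, using the
# values shown for the packed sample and for vp6vfw.dll.
PACKED_SECTIONS = """\
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6000 0x7000 0x7000 7.98 1639294c03bc3dd55d936a956dd5c5ae
.rsrc 0xd000 0x1000 0x200 2.64 3609e5f961643c902c6555eea9d3b805
"""
PACKED_IMPORTS = ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc",
                  "VirtualFree", "ExitProcess", "SetSecurityDescriptorDacl"]
CODEC_SECTIONS = """\
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4d24f 0x4e000 6.75 bb86fcc270c1139081d105792d34da56
.rdata 0x4f000 0x5db8 0x6000 4.97 0e423d8ab4d4fa34ff37231393cc3d80
.data 0x55000 0x2465c 0x5000 4.97 f63164720bd8862cd8667f3334e2a508
"""
# A slice of the DLL's long import list; what matters is that it is not just loader APIs.
CODEC_IMPORTS = ["timeGetTime", "DefDriverProc", "VerQueryValueA", "FindFirstFileA",
                 "CreateFileA", "RegOpenKeyExA", "MessageBoxA", "GetOpenFileNameA",
                 "LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc"]

VENDOR_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")
HIGH_ENTROPY = 7.5  # assumed threshold; 8.0 is the maximum for byte data


def parse_detections(report):
    """Map vendor -> detection name, or None for a '-' (not detected) row."""
    found = {}
    for line in report.splitlines():
        m = VENDOR_LINE.match(line.strip())
        if not m:  # header row and anything that is not a vendor row
            continue
        vendor, _version, _updated, result = m.groups()
        found[vendor] = None if result.strip() == "-" else result.strip()
    return found


def detection_ratio(report):
    """(hits, engines): the pair VirusTotal prints as 'Result: hits/engines'."""
    found = parse_detections(report)
    return sum(1 for r in found.values() if r), len(found)


def parse_sections(table):
    """Rows of the section table with sizes as ints and entropy as float."""
    lines = [l for l in table.splitlines() if l.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        row = dict(zip(header, line.split()))
        row["virsiz"], row["rawdsiz"] = int(row["virsiz"], 16), int(row["rawdsiz"], 16)
        row["ntrpy"] = float(row["ntrpy"])
        rows.append(row)
    return rows


def empty_on_disk(section):
    """rawdsiz 0 with the MD5 of empty input: the section exists only in memory,
    which is where the UPX stub writes the unpacked code at runtime."""
    return section["rawdsiz"] == 0 and section["md5"] == hashlib.md5(b"").hexdigest()


def packing_indicators(sections, imports):
    """Triage heuristics over the PE summary: UPX section names, an empty-on-disk
    section, a near-8-bit section, and an import table reduced to loader APIs."""
    flags = []
    if {s["name"] for s in sections} & {"UPX0", "UPX1"}:
        flags.append("upx-section-names")
    for s in sections:
        if empty_on_disk(s) and s["virsiz"] > 0:
            flags.append("empty-on-disk:" + s["name"])
        if s["ntrpy"] >= HIGH_ENTROPY:
            flags.append("high-entropy:" + s["name"])
    loader = {"LoadLibraryA", "GetProcAddress", "VirtualProtect", "VirtualAlloc"}
    if len(imports) <= 8 and loader <= set(imports):
        flags.append("minimal-loader-imports")
    return flags


if __name__ == "__main__":
    print("detections: %d/%d" % detection_ratio(SAMPLE_REPORT))
    print("packed sample:", packing_indicators(parse_sections(PACKED_SECTIONS), PACKED_IMPORTS))
    print("vp6vfw.dll:", packing_indicators(parse_sections(CODEC_SECTIONS), CODEC_IMPORTS))
```

Run as-is, the script reports 4/7 detections for the constructed excerpt, all four packing flags for the J8w2K0jU.exe section table, and none for the vp6vfw.dll table. The heuristics are deliberately conservative: a packed file is not necessarily malicious (many legitimate installers are UPX-packed), and an unpacked file with a full import table can still be hostile; what the flags tell a triager is that signature results on the packed file say little about the payload inside it, which is why the per-vendor names for it are mostly generic ("Crypt", "Packed", "Heuristic", "HckPk").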

#8 Farbar (Security Developer, The Netherlands)

Posted 10 October 2008 - 04:20 PM

  • You forgot to install the Recovery Console before running ComboFix. But we might not need it anymore.

  • Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete the file in bold by right-clicking it and selecting Delete:

    C:\WINDOWS\system32\J8w2K0jU.exe

  • RSIT is located on your desktop; you ran it after my first post. I need to see its log.txt.

  • Tell me also how your computer is running.


#9 Farbar (Security Developer, The Netherlands)

Posted 15 October 2008 - 01:07 AM

It's been 5 days without a reply. I would appreciate it if you let me know whether you want to continue.

#10 Farbar (Security Developer, The Netherlands)

Posted 16 October 2008 - 01:20 PM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM and I will reopen it for you.
Include the address of this thread in your request.

If you should have a new issue, please start a new topic.

This applies only to the original topic starter.
Everyone else please begin a New Topic.

#11 Farbar (Security Developer, The Netherlands)

Posted 16 October 2008 - 04:55 PM

Topic reopened. Please proceed.

#12 Guest_Anton Zabirko_* (Guest)

Posted 17 October 2008 - 09:39 AM

Sorry for my absence; I've been gone since 09-16. I hope my kid hasn't installed anything vicious. Thanks -
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-10-17 10:30:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 156 GB (68%) free of 229 GB
Total RAM: 1022 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31, on 2008-10-17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\windows\eHome\ehRecvr.exe
C:\windows\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\windows\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\windows\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Documents and Settings\HP_Administrator\Desktop\ArcEmu\Server\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10727 bytes

======Scheduled tasks folder======

C:\windows\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-28 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"=C:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2006-06-13 16239616]
"AlwaysReady Power Message APP"=C:\windows\ARPWRMSG.EXE [2005-08-02 77312]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2007-04-09 200704]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-28 185896]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2007-08-02 95504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2008-10-06 970808]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"=C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe [2007-05-15 98304]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"ICQ"=C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-10-06 497008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6\ICQ.exe [2008-09-01 173304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=0
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe"="C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\WinPcap\rpcapd.exe"="C:\Program Files\WinPcap\rpcapd.exe:*:Disabled:Remote Packet Capture Daemon"
"C:\Program Files\Vale Software\MSDE Manager 5\MSDEManager.exe"="C:\Program Files\Vale Software\MSDE Manager 5\MSDEManager.exe:*:Enabled:MSDE Manager"
"C:\Program Files\Vale Software\MSDE Manager 5\MSDEMgr.exe"="C:\Program Files\Vale Software\MSDE Manager 5\MSDEMgr.exe:*:Enabled:MSDE Manager Connection"
"C:\Program Files\Vale Software\MSDE Manager 5\AutoUpdate.exe"="C:\Program Files\Vale Software\MSDE Manager 5\AutoUpdate.exe:*:Enabled:MSDE Manager Update"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Mozilla Firefox\Private Server\Database\bin\mysqld-nt.exe"="C:\Program Files\Mozilla Firefox\Private Server\Database\bin\mysqld-nt.exe:*:Enabled:mysqld-nt"
"C:\Program Files\Mozilla Firefox\Private Server\ascent-world.exe"="C:\Program Files\Mozilla Firefox\Private Server\ascent-world.exe:*:Enabled:ascent-world"
"C:\Documents and Settings\HP_Administrator\Desktop\New Folder\Database\bin\mysqld-nt.exe"="C:\Documents and Settings\HP_Administrator\Desktop\New Folder\Database\bin\mysqld-nt.exe:*:Enabled:mysqld-nt"
"C:\Documents and Settings\HP_Administrator\Desktop\New Folder\ascent-world.exe"="C:\Documents and Settings\HP_Administrator\Desktop\New Folder\ascent-world.exe:*:Enabled:ascent-world"
"C:\Nexon\Combat Arms\NMService.exe"="C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-16 02:23:20 ----HDC---- C:\windows\$NtUninstallKB956803$
2008-10-16 02:23:11 ----HDC---- C:\windows\$NtUninstallKB956391$
2008-10-16 02:23:01 ----HDC---- C:\windows\$NtUninstallKB957095$
2008-10-16 02:22:07 ----HDC---- C:\windows\$NtUninstallKB954211$
2008-10-16 02:21:49 ----HDC---- C:\windows\$NtUninstallKB956841$
2008-10-09 18:16:56 ----A---- C:\windows\system32\d3dx9.dll
2008-10-09 18:16:55 ----D---- C:\Cheat Engine
2008-10-09 16:43:47 ----A---- C:\windows\Lavish.dll
2008-10-09 16:42:33 ----D---- C:\Rhabot
2008-10-09 16:41:52 ----D---- C:\Program Files\InnerSpace
2008-10-09 16:19:28 ----AH---- C:\windows\system32\config.exe
2008-10-09 16:19:28 ----A---- C:\windows\system32\WoWEmuHacker5.exe
2008-10-09 15:10:33 ----D---- C:\windows\erdnt
2008-10-09 15:10:13 ----D---- C:\QooBox
2008-10-09 15:10:10 ----A---- C:\windows\zip.exe
2008-10-09 15:10:10 ----A---- C:\windows\VFIND.exe
2008-10-09 15:10:10 ----A---- C:\windows\SWXCACLS.exe
2008-10-09 15:10:10 ----A---- C:\windows\SWSC.exe
2008-10-09 15:10:10 ----A---- C:\windows\SWREG.exe
2008-10-09 15:10:10 ----A---- C:\windows\sed.exe
2008-10-09 15:10:10 ----A---- C:\windows\NIRCMD.exe
2008-10-09 15:10:10 ----A---- C:\windows\grep.exe
2008-10-09 15:10:10 ----A---- C:\windows\fdsv.exe
2008-10-09 15:02:00 ----D---- C:\windows\system32\Service
2008-10-09 14:22:11 ----D---- C:\WoWGoldHack.exe
2008-10-09 10:40:02 ----D---- C:\Program Files\World of Warcraft
2008-10-08 20:13:05 ----D---- C:\rsit
2008-10-08 16:56:03 ----D---- C:\Program Files\Sun
2008-10-08 16:55:44 ----A---- C:\windows\system32\javaws.exe
2008-10-08 16:55:44 ----A---- C:\windows\system32\javaw.exe
2008-10-08 16:55:44 ----A---- C:\windows\system32\java.exe
2008-10-08 00:10:51 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2008-10-07 15:57:36 ----D---- C:\Program Files\Lavasoft
2008-10-07 15:57:35 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-07 15:56:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-06 15:30:36 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-06 15:30:00 ----D---- C:\Program Files\Trend Micro
2008-10-05 21:27:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-05 21:27:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-05 20:40:15 ----D---- C:\Program Files\Enigma Software Group
2008-10-03 19:52:23 ----HDC---- C:\windows\$NtUninstallKB951978$
2008-10-02 20:26:59 ----D---- C:\windows\Prefetch
2008-10-02 20:23:47 ----HDC---- C:\windows\$NtUninstallKB952954$
2008-10-02 20:23:40 ----HDC---- C:\windows\$NtUninstallKB952287$
2008-10-02 20:23:29 ----HDC---- C:\windows\$NtUninstallKB951748$
2008-10-02 20:23:21 ----HDC---- C:\windows\$NtUninstallKB951698$
2008-10-02 20:23:12 ----HDC---- C:\windows\$NtUninstallKB951376-v2$
2008-10-02 20:23:04 ----HDC---- C:\windows\$NtUninstallKB951376$
2008-10-02 20:22:53 ----HDC---- C:\windows\$NtUninstallKB951066$
2008-10-02 20:22:45 ----HDC---- C:\windows\$NtUninstallKB950974$
2008-10-02 20:22:36 ----HDC---- C:\windows\$NtUninstallKB950762$
2008-10-02 20:22:26 ----HDC---- C:\windows\$NtUninstallKB946648$
2008-10-02 20:22:11 ----HDC---- C:\windows\$NtUninstallKB938464$
2008-10-02 20:16:28 ----D---- C:\windows\system32\scripting
2008-10-02 20:16:27 ----D---- C:\windows\l2schemas
2008-10-02 20:16:26 ----D---- C:\windows\system32\en
2008-10-02 20:16:25 ----D---- C:\windows\system32\bits
2008-10-02 20:13:13 ----D---- C:\windows\ServicePackFiles
2008-10-02 20:04:56 ----HDC---- C:\windows\$NtServicePackUninstall$
2008-10-02 18:05:34 ----A---- C:\windows\system32\31147aca-.txt
2008-09-30 11:17:55 ----D---- C:\Nexon
2008-09-30 11:17:51 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-09-28 18:55:40 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-09-28 18:55:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 18:55:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-26 14:46:40 ----A---- C:\windows\mafosav.INI
2008-09-26 14:41:30 ----D---- C:\Buziol Games
2008-09-25 19:23:31 ----A---- C:\windows\system32\ieencode.dll
2008-09-21 12:39:04 ----D---- C:\Program Files\EA GAMES
2008-09-21 12:39:03 ----RA---- C:\windows\system32\vp6vfw.dll
2008-09-21 10:51:49 ----D---- C:\Program Files\DAEMON Tools Lite
2008-09-21 10:46:03 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
2008-09-20 22:43:22 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-20 21:26:45 ----D---- C:\KAV
2008-09-20 20:56:49 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-18 19:59:47 ----D---- C:\IE5SETUP
2008-09-18 19:59:38 ----A---- C:\windows\ASLOG.BAK
2008-09-18 19:59:07 ----RA---- C:\windows\ASlog.txt

======List of files/folders modified in the last 1 months======

2008-10-17 10:13:53 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Skype
2008-10-17 10:13:34 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\skypePM
2008-10-17 10:13:27 ----D---- C:\Program Files\Mozilla Firefox
2008-10-17 10:13:17 ----D---- C:\windows\system32\CatRoot2
2008-10-17 01:01:00 ----A---- C:\windows\SchedLgU.Txt
2008-10-16 14:10:40 ----AD---- C:\WINDOWS
2008-10-16 14:08:46 ----D---- C:\windows\system32
2008-10-16 02:23:26 ----HD---- C:\windows\inf
2008-10-16 02:23:22 ----RSHD---- C:\windows\system32\dllcache
2008-10-16 02:23:22 ----D---- C:\windows\system32\drivers
2008-10-16 02:23:17 ----HD---- C:\windows\$hf_mig$
2008-10-16 02:23:15 ----A---- C:\windows\imsins.BAK
2008-10-16 02:22:43 ----D---- C:\Program Files\Internet Explorer
2008-10-16 02:22:29 ----D---- C:\windows\ie7updates
2008-10-15 19:11:34 ----HD---- C:\Config.Msi
2008-10-15 16:57:50 ----D---- C:\windows\Microsoft.NET
2008-10-15 16:57:49 ----RSD---- C:\windows\assembly
2008-10-15 15:23:24 ----D---- C:\Program Files
2008-10-15 14:34:41 ----SHD---- C:\windows\Installer
2008-10-15 14:33:09 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-10-15 14:33:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-15 14:32:14 ----D---- C:\windows\WinSxS
2008-10-15 14:32:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-15 14:30:23 ----D---- C:\Program Files\Common Files
2008-10-15 00:14:58 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\ICQ
2008-10-14 14:37:03 ----D---- C:\windows\system32\config
2008-10-14 14:34:59 ----D---- C:\windows\AppPatch
2008-10-13 02:20:18 ----D---- C:\windows\Minidump
2008-10-11 10:51:04 ----A---- C:\windows\system.ini
2008-10-10 18:17:41 ----HD---- C:\TEMP
2008-10-10 16:05:03 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-10 14:35:41 ----D---- C:\windows\system32\URTTemp
2008-10-10 14:35:41 ----D---- C:\windows\Registration
2008-10-10 14:35:21 ----A---- C:\windows\system32\PerfStringBackup.INI
2008-10-09 16:33:10 ----A---- C:\windows\system32\tcpmon.ini
2008-10-09 14:57:58 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-09 14:56:08 ----D---- C:\Program Files\Java
2008-10-09 14:45:21 ----SD---- C:\windows\Tasks
2008-10-09 11:16:01 ----D---- C:\windows\system32\CatRoot
2008-10-09 10:57:57 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-07 15:19:40 ----A---- C:\windows\system32\MRT.exe
2008-10-06 15:24:20 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-05 21:53:17 ----A---- C:\windows\WININIT.INI
2008-10-03 13:41:15 ----A---- C:\windows\system32\ieframe.dll
2008-10-03 00:41:07 ----D---- C:\windows\system32\inetsrv
2008-10-02 20:28:21 ----A---- C:\windows\OEWABLog.txt
2008-10-02 20:27:05 ----A---- C:\windows\setuplog.txt
2008-10-02 20:26:28 ----D---- C:\windows\system32\Setup
2008-10-02 20:26:28 ----D---- C:\Program Files\Messenger
2008-10-02 20:26:26 ----D---- C:\windows\system32\wbem
2008-10-02 20:26:25 ----SD---- C:\windows\Fonts
2008-10-02 20:25:32 ----D---- C:\windows\security
2008-10-02 20:16:47 ----D---- C:\windows\network diagnostic
2008-10-02 20:16:47 ----D---- C:\windows\ime
2008-10-02 20:16:47 ----D---- C:\windows\Help
2008-10-02 20:16:29 ----D---- C:\windows\system32\usmt
2008-10-02 20:16:29 ----D---- C:\windows\system32\en-US
2008-10-02 20:16:25 ----D---- C:\windows\PeerNet
2008-10-02 20:16:25 ----D---- C:\Program Files\Movie Maker
2008-10-02 20:12:59 ----D---- C:\windows\system32\Restore
2008-10-02 20:12:59 ----D---- C:\windows\system32\npp
2008-10-02 20:12:59 ----D---- C:\windows\mui
2008-10-02 20:12:56 ----D---- C:\windows\msagent
2008-10-02 20:12:54 ----D---- C:\windows\srchasst
2008-10-02 20:12:53 ----D---- C:\Program Files\NetMeeting
2008-10-02 20:12:51 ----D---- C:\windows\system32\Com
2008-10-02 20:12:48 ----D---- C:\Program Files\Windows NT
2008-10-02 20:12:48 ----D---- C:\Program Files\Outlook Express
2008-10-02 20:12:45 ----D---- C:\Program Files\Common Files\System
2008-10-02 20:12:28 ----D---- C:\windows\system32\oobe
2008-10-02 20:12:25 ----D---- C:\windows\system
2008-10-02 20:08:08 ----D---- C:\windows\system32\ReinstallBackups
2008-10-02 20:04:51 ----AD---- C:\windows\ehome
2008-09-28 18:42:38 ----D---- C:\Program Files\PeerGuardian2
2008-09-28 18:40:05 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\MSNInstaller
2008-09-28 18:40:04 ----D---- C:\Program Files\MSN
2008-09-28 00:04:26 ----D---- C:\Program Files\ICQToolbar
2008-09-26 13:28:56 ----D---- C:\Documents and Settings
2008-09-26 00:14:15 ----D---- C:\windows\Media
2008-09-25 23:51:54 ----D---- C:\downloads
2008-09-24 16:55:03 ----D---- C:\IconTRYOUT
2008-09-23 15:03:31 ----D---- C:\Program Files\ICQ6
2008-09-21 01:06:52 ----D---- C:\WESTWOOD
2008-09-21 01:06:22 ----D---- C:\Program Files\WildTangent
2008-09-21 01:05:08 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-09-19 22:27:21 ----D---- C:\Program Files\WC3Banlist
2008-09-19 22:23:55 ----D---- C:\gmax
2008-09-19 22:22:29 ----D---- C:\Program Files\WE Unlimited
2008-09-19 22:20:48 ----D---- C:\Program Files\StealthBot
2008-09-19 22:18:42 ----D---- C:\Program Files\Google
2008-09-19 22:18:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-09-18 20:03:47 ----A---- C:\windows\WIN.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\windows\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 tmtdi;Trend Micro TDI Driver; C:\windows\system32\DRIVERS\tmtdi.sys [2008-10-06 80400]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2007-05-24 271360]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2007-05-24 18048]
R2 MCSTRM;MCSTRM; C:\windows\system32\drivers\MCSTRM.sys [2007-11-03 8413]
R2 mdmxsdk;mdmxsdk; C:\windows\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 tmactmon;tmactmon; \??\C:\windows\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\windows\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\windows\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\windows\system32\DRIVERS\tmpreflt.sys [2008-10-06 36368]
R2 tmxpflt;tmxpflt; C:\windows\system32\DRIVERS\tmxpflt.sys [2008-10-06 205328]
R2 vsapint;vsapint; C:\windows\system32\DRIVERS\vsapint.sys [2008-10-06 1195448]
R3 aracpi;aracpi; C:\windows\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\windows\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\windows\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\windows\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\windows\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 GEARAspiWDM;GEARAspiWDM; C:\windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2008-10-10 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 NIC1394;1394 Net Driver; C:\windows\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 tmcfw;Trend Micro Common Firewall Service; C:\windows\system32\DRIVERS\TM_CFW.sys [2008-10-06 334352]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\windows\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 anlwvvgb;anlwvvgb; C:\windows\system32\drivers\anlwvvgb.sys []
S3 arhidfltr;MS Ar HID Filter Driver; C:\windows\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dtscsi;dtscsi; C:\windows\System32\Drivers\dtscsi.sys []
S3 EagleNT;EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 HSX_DP;HSX_DP; C:\windows\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
S3 HSXHWBS2;HSXHWBS2; C:\windows\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
S3 MHNDRV;MHN driver; C:\windows\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 nm;Network Monitor Driver; C:\windows\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\windows\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem; C:\windows\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 winachsx;winachsx; C:\windows\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-07 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 ehRecvr;Media Center Receiver Service; C:\windows\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\windows\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2007-12-05 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-10-06 707128]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-09-18 337160]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2008-10-06 492888]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-10-06 677128]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 Apache2.2;Apache2.2; C:\Documents and Settings\HP_Administrator\Desktop\ArcEmu\Server\apache\bin\apache.exe [2007-09-21 17408]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\windows\system32\fxssvc.exe [2008-04-13 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\windows\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My computer is still slow and doesn't respond as it used to. If I right click on a file, it takes about 5 - 15 seconds for it to respond.

Thanks

Edited by Anton Zabirko, 17 October 2008 - 09:39 AM.


#13 Farbar


    Just Curious


  • Security Developer
  • 21,711 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:45 AM

Posted 17 October 2008 - 01:39 PM

No worry about the absence.

We are now going to concentrate on slowness. But first the recovery console.
  • Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System. You should select the download for Service Pack 2 (SP2).




    Download the file & save it as it's originally named, next to ComboFix.exe.



    Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
    • As we need just to install the Recovery Console but not run the ComboFix scan, at the next prompt click "NO" to close ComboFix.

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it.

    REGEDIT4 
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
    "undockwithoutlogon"=dword:00000001
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg was successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  • Turn off Windows automatic updates as it might lead to unexpected results at this stage:
    • Go to start -> Control Panel -> double-click System to open it.
    • Go to the Automatic Updates tab.
    • Select the "Turn off Automatic Updates" box.
    • Click Apply and then OK.
    • Important: Reboot.
  • Please apply ATF Cleaner once more (Run -> Select All -> Empty Selected).

  • Open the Task Manager (Ctrl+Alt+Del) and, under the Processes tab, note which process is taking high CPU usage. Do this also when you right click a file. Please report your findings.

  • Please download OTViewIt by OldTimer.
    • Save it to your desktop.
    • Double click on the OTViewIt icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Set File age to 60 days.
    • Type in the Custom Scans section: hijackthisbackups
    • Click Run Scan button.
    • Two reports will open, copy and paste them to your reply:
    • OTViewIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please copy/paste in your next reply:
  • Your findings about processes with CPU usage.
  • The OTViewIt logs.
  • Tell me if you have a Windows CD.
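The OTViewIt logs requested above are read by eye: which binaries carry no publisher, which services start automatically, which run from odd locations. As an added example that is not part of Farbar's post or of OldTimer's tool, here is a small Python parser for the OTViewIt Processes / Win32 Services / Driver Services line format as it appears in this thread, with two triage heuristics (no publisher on a persistent binary; a service or driver living under a user profile). The sample lines are copied from the log posted in this thread; the heuristics are the author's own, not OTViewIt's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few lines copied from the OTViewIt log posted in this
# thread, in the tool's own line format (raw string, so backslashes are literal).
SAMPLE_LOG = r"""
========== Processes ==========

[2008/01/18 16:57:54 | 05,750,784 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
[2008/10/19 19:54:25 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/07 15:58:49 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/09/21 00:29:42 | 00,017,408 | ---- | M] (Apache Software Foundation) -- C:\Documents and Settings\HP_Administrator\Desktop\ArcEmu\Server\apache\bin\apache.exe -- (Apache2.2 [Auto | Stopped])
[2008/01/18 16:57:54 | 05,750,784 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL [Auto | Running])

========== Driver Services ==========

[2007/05/24 17:40:23 | 00,271,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2008/09/21 10:46:12 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/10/06 15:14:40 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Stopped])
"""

SECTION_RE = re.compile(r"^========== (?P<title>.+?) ==========$")
# [modified | size | attrs | M] (publisher) -- path [-- (name [start | state])]
ENTRY_RE = re.compile(
    r"^\[(?P<modified>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+?) \| (?P<kind>\w)\] "
    r"\((?P<publisher>[^)]*)\) -- (?P<path>.+?)"
    r"(?: -- \((?P<name>.+?) \[(?P<start>[^|\]]+?) \| (?P<state>[^\]]+?)\]\))?$"
)

USER_PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")
PERSISTENT_STARTS = {"Auto", "Boot", "System"}


@dataclass
class Entry:
    section: str
    modified: str
    size: int
    publisher: str
    path: str
    name: Optional[str] = None   # service/driver name; None for plain process lines
    start: Optional[str] = None  # Auto / Boot / System / On_Demand / Disabled
    state: Optional[str] = None  # Running / Stopped


def parse_log(text: str) -> List[Entry]:
    """Parse the Processes, Win32 Services and Driver Services lines of an OTViewIt log."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("title")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # registry dumps and other sections use other layouts; skipped here
        entries.append(Entry(
            section=section,
            modified=m.group("modified"),
            size=int(m.group("size").replace(",", "")),
            publisher=m.group("publisher").strip(),
            path=m.group("path"),
            name=m.group("name"),
            start=m.group("start"),
            state=m.group("state"),
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs worth a second look.

    Heuristics (the author's, not OTViewIt's):
      * an empty publisher on a process, or on a service/driver that is running
        or starts at boot: the file carries no version info, so identify it by
        path and hash before trusting it;
      * a service or driver whose binary lives under a user profile folder,
        where legitimate services are rarely installed.
    """
    findings: List[Tuple[Entry, str]] = []
    for e in entries:
        persistent = e.name is None or e.start in PERSISTENT_STARTS or e.state == "Running"
        if not e.publisher and persistent:
            findings.append((e, "no publisher on a running or auto-start binary"))
        if e.name and e.path.lower().startswith(USER_PROFILE_ROOTS):
            findings.append((e, "service/driver binary inside a user profile"))
    return findings


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count parsed entries per log section."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(summarize(parsed))
    for entry, reason in triage(parsed):
        print(f"{entry.section}: {entry.path} -> {reason}")
```

A flag from this script is a prompt to check the file, not a verdict: the unsigned MySQL and copy-protection drivers in the sample are expected on this machine, and the point is that they are the lines a helper has to account for by hand.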


#14 Guest_Anton Zabirko_*

  • Guests

Posted 19 October 2008 - 07:07 PM

OTViewIt logfile created on: 10/19/2008 7:54:47 PM - Run
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 424.69 Mb Available Physical Memory | 41.54% Memory free
2.31 Gb Paging File | 1.80 Gb Available in Paging File | 77.98% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 140.54 Gb Free Space | 62.73% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.60 Gb Free Space | 6.81% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENA
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/10/07 15:58:49 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/08/02 19:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE
[2007/04/02 15:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
[2005/12/15 15:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 16:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2006/06/21 00:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/01/18 16:57:54 | 05,750,784 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
[2008/10/06 15:14:30 | 00,707,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
[2008/10/06 15:14:32 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
[2005/08/05 16:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2008/10/11 08:43:00 | 00,576,512 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
[2006/06/13 16:05:26 | 16,239,616 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2005/08/02 19:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
[2007/04/09 08:23:11 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
[2008/04/28 12:12:15 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2007/08/02 22:08:00 | 00,095,504 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
[2008/04/13 20:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/10/06 15:14:33 | 00,970,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/05/15 21:25:12 | 00,098,304 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
[2007/12/07 16:08:02 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/08/08 08:11:12 | 00,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
[2008/09/01 11:08:21 | 00,173,304 | ---- | M] (ICQ, Inc.) -- C:\Program Files\ICQ6\ICQ.exe
[2008/10/06 15:14:31 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2007/12/07 16:08:02 | 02,051,016 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
[2008/10/06 15:14:32 | 00,492,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
[2005/02/02 12:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[1998/05/07 05:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- c:\WINDOWS\system\hpsysdrv.exe
[2008/09/24 14:31:35 | 07,671,408 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/04/13 20:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/19 19:54:25 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/07 15:58:49 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/09/21 00:29:42 | 00,017,408 | ---- | M] (Apache Software Foundation) -- C:\Documents and Settings\HP_Administrator\Desktop\ArcEmu\Server\apache\bin\apache.exe -- (Apache2.2 [Auto | Stopped])
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/08/02 19:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
[2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[1999/12/13 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
[2007/04/02 15:15:40 | 00,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv [Auto | Running])
[2005/12/15 15:14:40 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 16:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2008/09/08 17:25:03 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/06/21 00:08:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2005/08/05 16:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/01/18 16:57:54 | 05,750,784 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL [Auto | Running])
[2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/12/05 01:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
[2007/11/06 16:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2008/10/06 15:14:30 | 00,707,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
[2008/09/18 21:12:08 | 00,337,160 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Stopped])
[2008/10/06 15:14:32 | 00,492,888 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [Auto | Running])
[2008/10/06 15:14:32 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/03/09 10:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8 [System | Running])
[2007/05/24 17:40:23 | 00,271,360 | ---- | M] () -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2003/11/05 03:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run [Boot | Running])
[2005/06/29 13:03:18 | 00,175,104 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2 [Boot | Running])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/10/10 18:18:32 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Running])
[2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/03/08 00:52:26 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2005/03/08 00:52:27 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2005/03/08 00:52:28 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2005/12/06 07:20:50 | 00,241,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Stopped])
[2005/12/06 07:20:40 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP [On_Demand | Stopped])
[2005/06/17 02:33:40 | 00,872,064 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/06/14 07:04:12 | 04,299,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2007/05/24 17:40:23 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2007/11/03 13:36:10 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
[2005/10/05 11:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/04/13 14:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2007/12/05 01:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2006/03/03 11:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
[2006/03/03 11:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
[2005/12/12 13:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/09 17:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/20 22:05:38 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/03 10:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139 [On_Demand | Stopped])
[2007/04/09 08:27:07 | 00,031,548 | ---- | M] (PowerISO Computing, Inc.) -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Running])
[2008/09/21 10:46:12 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2006/10/25 16:52:05 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2008/10/06 15:14:40 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon [Auto | Stopped])
[2008/10/06 15:14:40 | 00,334,352 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2008/10/06 15:14:40 | 00,144,912 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/10/06 15:14:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2008/10/06 15:14:40 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/10/06 15:14:40 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP [On_Demand | Stopped])
[2008/10/06 15:14:40 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2005/12/06 07:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (HKLM) -- C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (Hewlett-Packard)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{C4069E3A-68F1-403E-B40E-20066696354B}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AlwaysReady Power Message APP"=ARPWRMSG.EXE (Microsoft)
"ftutil2"=rundll32.exe ftutil2.dll,SetWriteCacheMode (Promise Technology, Inc.)
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /install ()
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE ()
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" (Trend Micro Inc.)
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"=C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" silent (ICQ, Inc.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"Steam"="C:\Program Files\Steam\Steam.exe" -silent (Valve Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"=C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" silent (ICQ, Inc.)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
"Steam"="C:\Program Files\Steam\Steam.exe" -silent (Valve Corporation)

========== (O4) Startup Folders ==========

[1999/11/06 20:11:14 | 00,027,136 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\Anton\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe
[1999/11/06 20:11:14 | 00,027,136 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe
[1999/11/06 20:11:14 | 00,027,136 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe
[1999/11/06 20:11:14 | 00,027,136 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\Guest\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoCDBurning"=0
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=0
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Value does not exist or could not be read. File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\Software\Microsoft\Internet Explorer\MenuExt\]
&Search: Reg Error: Value does not exist or could not be read. File not found
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Button: Internet Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/10/02 20:19:34 | 00,000,706 | ---- | M] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}: Menu: Internet Connection Help -- %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [2008/10/02 20:19:34 | 00,000,706 | ---- | M] ()
{E59EB121-F339-4851-A3BA-FE49C35617C2}: Button: ICQ6 -- %ProgramFiles%\ICQ6\ICQ.exe [2008/09/01 11:08:21 | 00,173,304 | ---- | M] (ICQ, Inc.)
{E59EB121-F339-4851-A3BA-FE49C35617C2}: Menu: ICQ6 -- %ProgramFiles%\ICQ6\ICQ.exe [2008/09/01 11:08:21 | 00,173,304 | ---- | M] (ICQ, Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Internet Connection Help] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
46 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
goldennumber.net\www: https in My Computer
wildgames.com\www.download: https in My Computer
47 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2341681145-2294276371-3646692216-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
goldennumber.net\www: https in My Computer
wildgames.com\www.download: https in My Computer
47 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab -- DLM Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{22D9E889-D413-4B99-A970-082FBD30728C} (Servers: | Description: )
{6B8A51F8-7D88-4DB3-BFEB-FDBD14A867CC} (Servers: | Description: NVIDIA nForce Networking Controller)
{6DC95EFD-EB3A-4055-8963-23E3B2922B4D} (Servers: | Description: Westell WireSpeed Dual Connect Modem)
{892900FC-9814-4488-99C0-81491C1EE93D} (Servers: | Description: HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter)
{9CC54796-7394-4A80-9CAE-A1E2C9DA64B8} (Servers: | Description: 1394 Net Adapter)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

Autodesk []
[2008/08/25 08:09:07 | 00,000,000 | ---D | M] -- C:\Autodesk -- [ NTFS ]

AUTOEXEC.BAT []
[2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () -- D:\AUTOEXEC.BAT -- [ FAT32 ]

========== Files/Folders - Created Within 30 Days ==========

[178 C:\windows\System32\*.tmp files]
[1 C:\windows\*.tmp files]
[2008/10/19 19:54:22 | 00,421,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe
[2008/10/19 19:04:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2008/10/19 19:04:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2008/10/19 19:04:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2008/10/19 19:04:55 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe
[2008/10/19 19:04:55 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\windows\fdsv.exe
[2008/10/19 19:04:55 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe
[2008/10/19 19:04:55 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe
[2008/10/19 19:04:55 | 00,049,152 | ---- | C] () -- C:\windows\VFIND.exe
[2008/10/19 19:03:49 | 02,992,886 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2008/10/19 14:52:30 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\In a small thicket just south of.doc
[2008/10/18 16:54:36 | 00,001,647 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Call of Duty 4 Modern Warfare.lnk
[2008/10/18 15:47:06 | 00,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2008/10/18 15:46:39 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/10/18 15:46:05 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2008/10/18 15:36:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/10/18 12:27:46 | 00,000,713 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Garry's Mod.lnk
[2008/10/18 11:30:19 | 00,001,599 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Portal.lnk
[2008/10/17 17:25:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Thraex Software
[2008/10/17 17:25:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\PacSteamT
[2008/10/17 17:25:22 | 00,000,000 | ---D | C] -- C:\Program Files\PacSteamT
[2008/10/17 17:20:43 | 00,000,000 | ---D | C] -- C:\Program Files\ExtractER
[2008/10/17 16:33:29 | 00,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2008/10/16 17:08:07 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
[2008/10/16 00:54:40 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PH 410-08 substance abuse.doc
[2008/10/15 20:11:31 | 00,514,560 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Hernan Cortes and the Fall of the Aztec.ppt
[2008/10/15 18:36:48 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\srv.sys
[2008/10/15 18:36:29 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\win32k.sys
[2008/10/15 18:36:20 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntoskrnl.exe
[2008/10/15 18:36:20 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlmp.exe
[2008/10/15 18:36:19 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlpa.exe
[2008/10/15 18:36:19 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrpamp.exe
[2008/10/15 15:47:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\dbcExtractor
[2008/10/15 15:23:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\SQLyog
[2008/10/15 15:23:25 | 00,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SQLyog Enterprise.lnk
[2008/10/15 15:23:24 | 00,000,000 | ---D | C] -- C:\Program Files\SQLyog Enterprise Trial
[2008/10/15 15:18:04 | 11,007,934 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SQLyog711EntTrial.exe
[2008/10/15 14:34:30 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2008/10/15 14:33:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Visual Studio 2008
[2008/10/15 14:32:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft Help
[2008/10/15 14:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\TSVNCache
[2008/10/15 14:30:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2008/10/15 14:30:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2008/10/15 14:30:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/10/15 14:29:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2008/10/15 14:18:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\TortoiseSVN
[2008/10/15 14:16:06 | 00,000,000 | ---D | C] -- C:\SVN
[2008/10/15 14:16:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Subversion
[2008/10/15 14:04:19 | 02,728,440 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\vcsetup.exe
[2008/10/15 14:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2008/10/15 14:03:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2008/10/15 14:01:11 | 18,764,288 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\TortoiseSVN-1.5.4.14259-win32-svn-1.5.3.msi
[2008/10/15 13:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\pico's repack
[2008/10/15 12:23:35 | 00,000,000 | ---D | C] -- C:\Program Files\MySQL
[2008/10/15 12:22:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Apple's Ascent 5.0
[2008/10/15 12:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Desktop
[2008/10/15 12:03:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\httpd-2.2.9
[2008/10/15 11:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\TGMS-WoW Repack
[2008/10/15 11:12:45 | 52,925,400 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\AC Web Ultimate Repack.exe
[2008/10/14 20:14:54 | 63,370,298 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\ArcEmu+for+2.4.3.exe
[2008/10/14 16:45:01 | 13,275,2214 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0009.avi
[2008/10/14 16:44:28 | 07,340,634 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0008.avi
[2008/10/14 16:44:04 | 05,136,168 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0007.avi
[2008/10/14 16:43:50 | 00,509,806 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0006.avi
[2008/10/14 16:36:34 | 34,823,566 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0005.avi
[2008/10/14 16:36:03 | 05,176,164 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0004.avi
[2008/10/14 16:35:24 | 00,367,536 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0003.avi
[2008/10/14 16:35:22 | 00,287,446 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0002.avi
[2008/10/14 16:33:33 | 26,518,332 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0001.avi
[2008/10/14 16:30:13 | 00,000,000 | ---D | C] -- C:\Program Files\HyCam2
[2008/10/14 14:35:58 | 00,000,000 | ---D | C] -- C:\windows\temp
[2008/10/14 14:23:25 | 00,000,000 | ---D | C] -- C:\Program Files\1SITE_Lite
[2008/10/13 19:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Website 1.0
[2008/10/13 19:14:27 | 00,000,641 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HeidiSQL.lnk
[2008/10/13 19:14:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HeidiSQL
[2008/10/13 19:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\HeidiSQL
[2008/10/13 18:22:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Pedregon's 2.4.3 Repack
[2008/10/13 18:09:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Loozy_server_Repack_2.4.3
[2008/10/13 18:06:36 | 31,610,496 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Loozy_server_Repack_2.4.3.zip
[2008/10/13 17:34:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\ArcEmu
[2008/10/11 22:32:51 | 00,001,508 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Combat Arms.lnk
[2008/10/11 20:35:20 | 51,633,6956 | ---- | C] (Nexon) -- C:\Documents and Settings\HP_Administrator\Desktop\CombatArmsSetup.exe
[2008/10/11 13:02:28 | 01,737,000 | ---- | C] (Ansgar Becker ) -- C:\Documents and Settings\HP_Administrator\Desktop\HeidiSQL_3.2_Setup.exe
[2008/10/10 19:39:13 | 00,000,000 | ---D | C] -- C:\Program Files\Private server2
[2008/10/10 19:39:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder
[2008/10/10 19:11:14 | 00,000,945 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Navicat Lite for MySQL.lnk
[2008/10/10 19:11:13 | 01,073,152 | ---- | C] () -- C:\windows\System32\libmysql_c.dll
[2008/10/10 19:11:12 | 00,000,000 | ---D | C] -- C:\Program Files\PremiumSoft
[2008/10/10 18:19:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Hamachi
[2008/10/10 18:18:32 | 00,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\windows\System32\drivers\hamachi.sys
[2008/10/10 18:18:32 | 00,000,643 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hamachi.lnk
[2008/10/10 18:18:31 | 00,000,000 | ---D | C] -- C:\Program Files\Hamachi
[2008/10/10 18:17:32 | 01,011,784 | ---- | C] (LogMeIn Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HamachiSetup-1.0.3.0-en.exe
[2008/10/10 17:56:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Logs
[2008/10/10 17:21:25 | 02,869,264 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\dotNetFx35setup.exe
[2008/10/10 15:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2008/10/10 15:38:37 | 02,344,429 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\HP_Administrator\Desktop\Norton_Removal_Tool.exe
[2008/10/09 18:30:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\WoWEmuHacker_4.3_Beta_4_for_wow_2.4.1___04_03_08
[2008/10/09 18:16:56 | 01,970,176 | ---- | C] () -- C:\windows\System32\d3dx9.dll
[2008/10/09 18:16:55 | 00,000,000 | ---D | C] -- C:\Cheat Engine
[2008/10/09 18:15:57 | 03,708,905 | ---- | C] (Dark Byte ) -- C:\Documents and Settings\HP_Administrator\Desktop\CheatEngine54.exe
[2008/10/09 16:43:47 | 00,114,688 | ---- | C] () -- C:\windows\Lavish.dll
[2008/10/09 16:42:33 | 00,000,000 | ---D | C] -- C:\Rhabot
[2008/10/09 16:41:52 | 00,000,000 | ---D | C] -- C:\Program Files\InnerSpace
[2008/10/09 16:19:28 | 00,220,160 | ---- | C] (DeathSoft™) -- C:\windows\System32\WoWEmuHacker5.exe
[2008/10/09 16:19:28 | 00,020,460 | -H-- | C] () -- C:\windows\System32\config.exe
[2008/10/09 15:20:33 | 00,001,756 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Blender.lnk
[2008/10/09 15:20:33 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Adobe Photoshop CS3.lnk
[2008/10/09 15:20:33 | 00,000,801 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\GIMP 2.lnk
[2008/10/09 15:10:33 | 00,000,000 | ---D | C] -- C:\windows\erdnt
[2008/10/09 15:10:13 | 00,000,000 | ---D | C] -- C:\QooBox
[2008/10/09 15:10:10 | 00,028,672 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2008/10/09 15:07:41 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/10/09 15:02:00 | 00,000,000 | ---D | C] -- C:\windows\System32\Service
[2008/10/09 14:45:18 | 00,000,090 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\remove.bat
[2008/10/09 14:44:55 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\remove.bat
[2008/10/09 14:42:53 | 04,011,276 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Stat_Changer_Fix.exe
[2008/10/09 14:22:11 | 00,000,000 | ---D | C] -- C:\WoWGoldHack.exe
[2008/10/09 13:53:20 | 01,561,989 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WorldofWargoldhack2.4.3.zip
[2008/10/09 13:18:52 | 00,697,551 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoW GM Power Hack.zip
[2008/10/09 12:29:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\GM RoyalHack
[2008/10/09 12:28:36 | 00,473,500 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\GM_RoyalHack.zip
[2008/10/09 12:20:19 | 00,257,712 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Launcher.zip
[2008/10/09 12:00:54 | 00,135,168 | ---- | C] (TheUnknown) -- C:\Documents and Settings\HP_Administrator\My Documents\WoW GM Hack.exe
[2008/10/09 11:53:25 | 05,493,436 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\GM_Power_Hack_6.5.exe
[2008/10/09 10:40:02 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2008/10/09 10:40:02 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2008/10/09 10:35:38 | 07,225,055 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\GM_Power_Hack.exe
[2008/10/09 10:23:17 | 05,501,631 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoWHack2.3.3.zip
[2008/10/08 23:52:55 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PH 410 Alzheimer's.doc
[2008/10/08 20:13:05 | 00,000,000 | ---D | C] -- C:\rsit
[2008/10/08 20:12:59 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\RSIT.exe
[2008/10/08 16:56:03 | 00,000,000 | ---D | C] -- C:\Program Files\Sun
[2008/10/08 16:28:54 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2008/10/08 14:14:47 | 15,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\My Documents\IE7-WindowsXP-x86-enu.exe
[2008/10/08 12:46:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2008/10/08 00:10:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
[2008/10/07 20:16:47 | 15,528,321 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\CheatEngine.zip
[2008/10/07 20:14:04 | 00,001,104 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Makefile
[2008/10/07 20:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\docs
[2008/10/07 20:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\common64
[2008/10/07 20:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\common
[2008/10/07 20:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\bootsector
[2008/10/07 20:13:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\imagemaker
[2008/10/07 20:13:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\parsevmloadermap
[2008/10/07 20:13:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\vmloader
[2008/10/07 20:13:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\parsevmmmap
[2008/10/07 20:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\vmm
[2008/10/07 18:47:48 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Anton Zabirko 10.doc
[2008/10/07 15:57:42 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/07 15:57:41 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/07 15:57:36 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/07 15:57:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/07 15:56:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/07 15:54:36 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\aaw2008.exe
[2008/10/07 15:51:10 | 00,003,192 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\clantmg
[2008/10/06 22:20:37 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\vitaminquiz1.doc
[2008/10/06 21:22:50 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\My Documents\HJTInstall.exe
[2008/10/06 15:31:10 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmactmon.sys
[2008/10/06 15:30:47 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2008/10/06 15:30:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2008/10/06 15:30:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/06 15:14:45 | 00,661,808 | ---- | C] (trend_company_name) -- C:\windows\System32\UfWSC.cpl
[2008/10/06 15:14:40 | 01,195,448 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\vsapint.sys
[2008/10/06 15:14:40 | 00,334,352 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\TM_CFW.sys
[2008/10/06 15:14:40 | 00,205,328 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmxpflt.sys
[2008/10/06 15:14:40 | 00,080,400 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmtdi.sys
[2008/10/06 15:14:40 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmpreflt.sys
[2008/10/06 15:05:53 | 00,144,912 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmcomm.sys
[2008/10/06 15:04:57 | 66,644,872 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\TrendMicro_TIS_17.00_en-US_32-bit.exe
[2008/10/06 15:04:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\TrendMicro_Downloader
[2008/10/06 15:04:30 | 01,958,864 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\My Documents\TrendMicro_Downloader.exe
[2008/10/06 14:59:01 | 00,849,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\VSAPI-KD-8.910-1002.ZIP
[2008/10/06 14:57:20 | 13,433,979 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\lpt579.zip
[2008/10/06 14:37:09 | 00,390,729 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Java Msoft Prot.jar
[2008/10/05 21:33:34 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Personal Narrative.doc
[2008/10/05 21:27:44 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/10/05 21:27:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/05 21:25:09 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\HP_Administrator\My Documents\spybotsd160.exe
[2008/10/05 20:40:15 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2008/10/05 20:38:51 | 08,081,952 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Free-SpyHunter-Scanner-Install.exe
[2008/10/02 22:23:25 | 00,012,345 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\BTNFerocity.zip
[2008/10/02 21:38:57 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\English Summary.doc
[2008/10/02 20:26:59 | 00,000,000 | ---D | C] -- C:\windows\Prefetch
[2008/10/02 20:16:28 | 00,000,000 | ---D | C] -- C:\windows\System32\scripting
[2008/10/02 20:16:27 | 00,000,000 | ---D | C] -- C:\windows\l2schemas
[2008/10/02 20:16:26 | 00,000,000 | ---D | C] -- C:\windows\System32\en
[2008/10/02 20:16:25 | 00,000,000 | ---D | C] -- C:\windows\System32\bits
[2008/10/02 20:13:13 | 00,000,000 | ---D | C] -- C:\windows\ServicePackFiles
[2008/10/02 20:04:56 | 00,000,000 | -H-D | C] -- C:\windows\$NtServicePackUninstall$
[2008/10/02 16:44:56 | 00,292,864 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\GameCardGrabber.exe
[2008/10/02 00:58:29 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\PH 410 Headache Disorders.doc
[2008/10/01 19:42:18 | 00,002,079 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\pharmaceutics exam 1.htm
[2008/10/01 19:42:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\pharmaceutics exam 1_files
[2008/10/01 18:41:18 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Anton Zabirko Wednesday.doc
[2008/09/30 11:22:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\³Ø½¼ Ç÷¯±×
[2008/09/30 11:17:55 | 00,000,000 | ---D | C] -- C:\Nexon
[2008/09/30 11:17:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/09/30 09:36:47 | 47,802,3106 | ---- | C] (Nexon) -- C:\Documents and Settings\HP_Administrator\My Documents\CombatArmsSetup.exe
[2008/09/29 18:46:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Graphics
[2008/09/29 18:44:42 | 00,524,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Super Mario World (U) [!].smc
[2008/09/29 18:38:43 | 00,793,140 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Super Demo World - The Legend Continues.zip
[2008/09/29 18:31:26 | 00,000,000 | ---D | C] -- C:\Program Files\Super Mario World
[2008/09/29 18:31:01 | 01,197,850 | ---- | C] (GameFabrique ) -- C:\Documents and Settings\HP_Administrator\My Documents\super_mario_world.exe
[2008/09/29 18:29:30 | 00,525,612 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Marioleveleditor.zip
[2008/09/28 18:55:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2008/09/28 18:55:38 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2008/09/28 18:55:38 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/28 18:55:37 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2008/09/28 18:55:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/28 18:55:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/09/28 18:54:54 | 02,189,864 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\My Documents\mbam-setup.exe
[2008/09/28 15:09:51 | 00,007,965 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Website logo.jpg
[2008/09/28 15:04:45 | 00,039,651 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\combat_arms_image_save.jpg
[2008/09/27 12:24:34 | 00,283,577 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\yu_gi_oh_gx_tag_force_2_h.zip
[2008/09/26 17:46:22 | 10,966,6368 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\headaches.mp3
[2008/09/26 14:46:40 | 00,000,160 | ---- | C] () -- C:\windows\mafosav.INI
[2008/09/26 14:41:30 | 00,000,000 | ---D | C] -- C:\Buziol Games
[2008/09/25 19:23:31 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieencode.dll
[2008/09/21 12:47:53 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2 Cracked P1.lnk
[2008/09/21 12:39:04 | 00,000,000 | ---D | C] -- C:\Program Files\EA GAMES
[2008/09/21 12:39:03 | 00,442,368 | R--- | C] (On2.com) -- C:\windows\System32\vp6vfw.dll
[2008/09/21 10:51:50 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2008/09/21 10:51:49 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2008/09/21 10:46:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\DAEMON Tools
[2008/09/20 22:43:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2008/09/20 21:26:45 | 00,000,000 | ---D | C] -- C:\KAV
[2008/09/20 20:56:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8

========== Files - Modified Within 30 Days ==========

[178 C:\windows\System32\*.tmp files]
[1 C:\windows\*.tmp files]
[2008/10/19 19:54:25 | 00,421,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTViewIt.exe
[2008/10/19 19:31:25 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2008/10/19 19:31:13 | 00,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2008/10/19 19:31:06 | 00,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2008/10/19 19:19:22 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2008/10/19 19:19:16 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2008/10/19 19:19:14 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/19 19:04:04 | 02,992,886 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2008/10/19 18:53:09 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\In a small thicket just south of.doc
[2008/10/19 02:09:34 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2008/10/18 16:54:36 | 00,001,647 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Call of Duty 4 Modern Warfare.lnk
[2008/10/18 15:47:06 | 00,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2008/10/18 15:46:09 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2008/10/18 15:29:48 | 00,514,560 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Hernan Cortes and the Fall of the Aztec.ppt
[2008/10/18 12:27:46 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Garry's Mod.lnk
[2008/10/18 11:30:19 | 00,001,599 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Portal.lnk
[2008/10/18 11:25:54 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2008/10/16 17:08:02 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
[2008/10/16 14:09:00 | 01,629,200 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2008/10/16 02:23:15 | 00,001,393 | ---- | M] () -- C:\windows\imsins.BAK
[2008/10/16 01:31:21 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PH 410-08 substance abuse.doc
[2008/10/15 19:50:26 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/15 15:23:25 | 00,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SQLyog Enterprise.lnk
[2008/10/15 15:18:58 | 11,007,934 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SQLyog711EntTrial.exe
[2008/10/15 14:04:30 | 02,728,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\vcsetup.exe
[2008/10/15 14:02:46 | 18,764,288 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\TortoiseSVN-1.5.4.14259-win32-svn-1.5.3.msi
[2008/10/15 11:18:30 | 52,925,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\AC Web Ultimate Repack.exe
[2008/10/15 10:34:44 | 00,000,799 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.bak
[2008/10/15 01:31:17 | 02,689,596 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2008/10/14 20:20:40 | 63,370,298 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\ArcEmu+for+2.4.3.exe
[2008/10/14 16:56:27 | 13,275,2214 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0009.avi
[2008/10/14 16:44:53 | 07,340,634 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0008.avi
[2008/10/14 16:44:21 | 05,136,168 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0007.avi
[2008/10/14 16:43:56 | 00,509,806 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0006.avi
[2008/10/14 16:38:52 | 34,823,566 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0005.avi
[2008/10/14 16:36:17 | 05,176,164 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0004.avi
[2008/10/14 16:35:26 | 00,367,536 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0003.avi
[2008/10/14 16:35:23 | 00,287,446 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0002.avi
[2008/10/14 16:35:20 | 26,518,332 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\clip0001.avi
[2008/10/13 19:14:27 | 00,000,641 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HeidiSQL.lnk
[2008/10/13 19:14:18 | 01,737,000 | ---- | M] (Ansgar Becker ) -- C:\Documents and Settings\HP_Administrator\Desktop\HeidiSQL_3.2_Setup.exe
[2008/10/13 18:09:29 | 31,610,496 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Loozy_server_Repack_2.4.3.zip
[2008/10/11 22:32:51 | 00,001,508 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Combat Arms.lnk
[2008/10/11 21:22:40 | 51,633,6956 | ---- | M] (Nexon) -- C:\Documents and Settings\HP_Administrator\Desktop\CombatArmsSetup.exe
[2008/10/10 19:11:14 | 00,000,945 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Navicat Lite for MySQL.lnk
[2008/10/10 18:18:32 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\windows\System32\drivers\hamachi.sys
[2008/10/10 18:18:32 | 00,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\hamachi.lnk
[2008/10/10 18:17:35 | 01,011,784 | ---- | M] (LogMeIn Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HamachiSetup-1.0.3.0-en.exe
[2008/10/10 17:46:14 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2008/10/10 17:21:41 | 02,869,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\dotNetFx35setup.exe
[2008/10/10 15:38:47 | 02,344,429 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\HP_Administrator\Desktop\Norton_Removal_Tool.exe
[2008/10/10 14:35:21 | 00,495,370 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2008/10/10 14:35:21 | 00,437,372 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2008/10/10 14:35:21 | 00,069,090 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2008/10/09 18:16:14 | 03,708,905 | ---- | M] (Dark Byte ) -- C:\Documents and Settings\HP_Administrator\Desktop\CheatEngine54.exe
[2008/10/09 16:33:10 | 00,053,475 | ---- | M] () -- C:\windows\System32\tcpmon.ini
[2008/10/09 15:08:01 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2008/10/09 14:45:14 | 00,000,090 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\remove.bat
[2008/10/09 14:44:57 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\remove.bat
[2008/10/09 14:44:26 | 04,011,276 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Stat_Changer_Fix.exe
[2008/10/09 14:22:06 | 01,561,989 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WorldofWargoldhack2.4.3.zip
[2008/10/09 13:18:55 | 00,697,551 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoW GM Power Hack.zip
[2008/10/09 12:28:38 | 00,473,500 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\GM_RoyalHack.zip
[2008/10/09 12:20:20 | 00,257,712 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Launcher.zip
[2008/10/09 12:00:52 | 00,135,168 | ---- | M] (TheUnknown) -- C:\Documents and Settings\HP_Administrator\My Documents\WoW GM Hack.exe
[2008/10/09 11:53:54 | 05,493,436 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\GM_Power_Hack_6.5.exe
[2008/10/09 10:36:30 | 07,225,055 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\GM_Power_Hack.exe
[2008/10/09 10:23:49 | 05,501,631 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\WoWHack2.3.3.zip
[2008/10/08 23:52:55 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PH 410 Alzheimer's.doc
[2008/10/08 20:12:59 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\RSIT.exe
[2008/10/08 16:28:41 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\My Documents\HJTInstall.exe
[2008/10/08 14:16:02 | 15,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\My Documents\IE7-WindowsXP-x86-enu.exe
[2008/10/07 20:18:12 | 15,528,321 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\CheatEngine.zip
[2008/10/07 18:47:49 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Anton Zabirko 10.doc
[2008/10/07 15:57:42 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/07 15:57:41 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/07 15:56:19 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\aaw2008.exe
[2008/10/07 15:51:03 | 00,003,192 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\clantmg
[2008/10/07 15:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MRT.exe
[2008/10/06 22:20:38 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\vitaminquiz1.doc
[2008/10/06 21:22:55 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2008/10/06 19:53:58 | 00,020,460 | -H-- | M] () -- C:\windows\System32\config.exe
[2008/10/06 15:30:47 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trend Micro Internet Security.lnk
[2008/10/06 15:14:45 | 00,661,808 | ---- | M] (trend_company_name) -- C:\windows\System32\UfWSC.cpl
[2008/10/06 15:14:40 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\vsapint.sys
[2008/10/06 15:14:40 | 00,334,352 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\TM_CFW.sys
[2008/10/06 15:14:40 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmxpflt.sys
[2008/10/06 15:14:40 | 00,144,912 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmcomm.sys
[2008/10/06 15:14:40 | 00,080,400 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmtdi.sys
[2008/10/06 15:14:40 | 00,050,192 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmactmon.sys
[2008/10/06 15:14:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmpreflt.sys
[2008/10/06 15:13:52 | 66,644,872 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Desktop\TrendMicro_TIS_17.00_en-US_32-bit.exe
[2008/10/06 15:04:47 | 01,958,864 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\My Documents\TrendMicro_Downloader.exe
[2008/10/06 14:59:04 | 00,849,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\VSAPI-KD-8.910-1002.ZIP
[2008/10/06 14:58:29 | 13,433,979 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\lpt579.zip
[2008/10/06 14:37:09 | 00,390,729 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Java Msoft Prot.jar
[2008/10/05 21:53:17 | 00,000,304 | ---- | M] () -- C:\windows\WININIT.INI
[2008/10/05 21:33:35 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Personal Narrative.doc
[2008/10/05 21:26:34 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\HP_Administrator\My Documents\spybotsd160.exe
[2008/10/05 20:39:32 | 08,081,952 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Free-SpyHunter-Scanner-Install.exe
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieframe.dll
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieframe.dll
[2008/10/02 22:23:25 | 00,012,345 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\BTNFerocity.zip
[2008/10/02 22:23:04 | 00,103,584 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/02 21:38:58 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\English Summary.doc
[2008/10/02 20:09:51 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/02 16:44:52 | 00,292,864 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\GameCardGrabber.exe
[2008/10/02 01:26:44 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\PH 410 Headache Disorders.doc
[2008/10/01 19:42:19 | 00,002,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\pharmaceutics exam 1.htm
[2008/10/01 18:41:19 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Anton Zabirko Wednesday.doc
[2008/09/30 11:15:01 | 47,802,3106 | ---- | M] (Nexon) -- C:\Documents and Settings\HP_Administrator\My Documents\CombatArmsSetup.exe
[2008/09/29 18:44:39 | 00,524,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Super Mario World (U) [!].smc
[2008/09/29 18:38:51 | 00,793,140 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Super Demo World - The Legend Continues.zip
[2008/09/29 18:31:01 | 01,197,850 | ---- | M] (GameFabrique ) -- C:\Documents and Settings\HP_Administrator\My Documents\super_mario_world.exe
[2008/09/29 18:29:33 | 00,525,612 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Marioleveleditor.zip
[2008/09/29 17:56:52 | 00,000,160 | ---- | M] () -- C:\windows\mafosav.INI
[2008/09/28 18:55:38 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/09/28 18:55:04 | 02,189,864 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\My Documents\mbam-setup.exe
[2008/09/28 15:09:52 | 00,007,965 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Website logo.jpg
[2008/09/28 15:04:45 | 00,039,651 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\combat_arms_image_save.jpg
[2008/09/27 12:24:35 | 00,283,577 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\yu_gi_oh_gx_tag_force_2_h.zip
[2008/09/26 17:37:15 | 10,966,6368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\headaches.mp3
[2008/09/26 00:36:23 | 00,000,087 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\desktop.ini
[2008/09/21 12:47:53 | 00,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims 2 Cracked P1.lnk
[2008/09/21 10:51:50 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2008/09/21 10:46:12 | 00,717,296 | ---- | M] () -- C:\windows\System32\drivers\sptd.sys
< End of report >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTViewIt Extras logfile created on: 10/19/2008 7:54:47 PM - Run
OTViewIt by OldTimer - Version 1.0.17.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 424.69 Mb Available Physical Memory | 41.54% Memory free
2.31 Gb Paging File | 1.80 Gb Available in Paging File | 77.98% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 140.54 Gb Free Space | 62.73% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 0.60 Gb Free Space | 6.81% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENA
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/25 16:38:03 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 20:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/25 16:38:03 | 00,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP
[2005/05/11 23:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2005/05/12 00:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2005/06/03 09:50:00 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2005/06/03 09:50:14 | 00,040,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2005/06/03 09:45:46 | 00,081,920 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2005/05/10 21:50:34 | 00,200,704 | ---- | M] () -- C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
[2005/05/10 21:07:26 | 01,081,344 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2005/06/03 10:12:34 | 00,172,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
[2005/05/10 21:34:02 | 00,151,635 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
[2005/06/03 09:51:06 | 00,458,752 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2006/02/09 19:43:36 | 00,110,592 | R--- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
[2006/02/09 19:41:28 | 00,573,440 | ---- | M] ( ) -- C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
[2005/06/03 10:06:04 | 00,057,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/04/05 10:31:06 | 02,326,528 | ---- | M] () -- C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad
[2008/09/01 11:08:21 | 00,173,304 | ---- | M] (ICQ, Inc.) -- C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6
[2008/04/13 20:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2007/05/09 05:34:40 | 00,270,336 | ---- | M] (Autodesk) -- C:\Program Files\Autodesk\Maya 8.5 Personal Learning Edition\bin\maya.exe:*:Enabled:Maya
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/03/30 10:36:34 | 20,638,504 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/02/20 15:26:00 | 00,425,984 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor
[2008/02/20 15:26:00 | 00,532,480 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager
[2008/02/20 15:26:00 | 00,110,592 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server
[2007/12/23 23:02:06 | 02,179,072 | ---- | M] (Zhejiang University) -- C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts
[2007/11/06 16:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe:*:Disabled:Remote Packet Capture Daemon
[2007/04/02 08:04:30 | 00,233,672 | ---- | M] (Vale Software) -- C:\Program Files\Vale Software\MSDE Manager 5\MSDEManager.exe:*:Enabled:MSDE Manager
[2007/04/04 12:15:58 | 04,993,224 | ---- | M] (Vale Software) -- C:\Program Files\Vale Software\MSDE Manager 5\MSDEMgr.exe:*:Enabled:MSDE Manager Connection
[2007/03/29 14:14:20 | 00,127,176 | ---- | M] (Vale Software) -- C:\Program Files\Vale Software\MSDE Manager 5\AutoUpdate.exe:*:Enabled:MSDE Manager Update
[2008/10/11 22:31:05 | 00,159,744 | ---- | M] (Nexon) -- C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/10/11 18:30:51 | 01,082,000 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
[2008/01/18 17:57:54 | 05,750,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\Private Server\Database\bin\mysqld-nt.exe:*:Enabled:mysqld-nt
[2008/05/15 18:06:36 | 06,927,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\Private Server\ascent-world.exe:*:Enabled:ascent-world
[2008/01/18 17:57:54 | 05,750,784 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder\Database\bin\mysqld-nt.exe:*:Enabled:mysqld-nt
[2008/05/15 18:06:36 | 06,927,872 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\New Folder\ascent-world.exe:*:Enabled:ascent-world
[2008/10/01 13:39:08 | 01,470,464 | R--- | M] (Nexon Corp.) -- C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core
[2007/12/07 16:08:02 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/30 10:08:00 | 00,991,736 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 05:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/01 15:09:04 | 08,086,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/12/07 16:08:02 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}"=Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}"=SlideShow
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{1341D838-719C-4A05-B50F-49420CA1B4BB}"=HP Boot Optimizer
"{15803703-25FA-4C01-A062-3F4A59937E87}"=PhotoImpact X3
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}"=cp_OnlineProjectsConfig
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}"=DocumentViewer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}"=HPPhotoSmartExpress
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2D8ECB5E-9F6C-4332-AEE6-0E4EE1DEC926}"=Maya 8.5 Personal Learning Edition
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}"=Sonic_PrimoSDK
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}"=TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}"=SkinsHP1
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}"=SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}"=OptionalContentQFolder
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}"=Macromedia Flash MX
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D347E6D-5A03-4342-B5BA-6A771885F379}"=Autodesk Backburner 2008.1
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}"=HP PSC & OfficeJet 5.3.A
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}"=Trend Micro Internet Security
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}"=CP_Package_Basic1
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{45B8A76B-57EC-4242-B019-066400CD8428}"=BufferChm
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}"=Bonjour
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}"=2570_Help
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}"=ProductContextNPI
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{567C23E1-7580-4185-B8C2-30805677297C}"=NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}"=WebReg
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}"=MarketResearch
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}"=Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C6F4323-98CC-4031-897F-EEAF6B2AF432}"=TortoiseSVN 1.5.4.14259 (32 bit)
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{5F26311C-B135-4F7F-B11E-8E650F83651E}"=DeviceFunctionQFolder
"{608FFCC7-7237-47BB-ABD5-8341754A3BBA}"=MySQL Server 5.0
"{60DE4033-9503-48D1-A483-7846BD217CA9}"=ICQ6
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}"=RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6A829DA3-E377-4BC0-938F-F453C6BB3F67}"=Maya 8.5 Personal Learning Edition Documentation (en_US)
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}"=Python 2.5.2
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}"=DocProc
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}"=Trend Micro Internet Security
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{7510A7FE-3DB3-409E-97F0-3A2796AD78F4}_is1"=Vale Software MSDE Manager
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}"=DocumentViewerQFolder
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{82081779-4175-4666-A457-AB711CD37EF0}"=cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}"=CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}"=CP_AtenaShokunin1Config
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}"=Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}"=SlideShowMusic
"{8A534F71-3202-4464-A422-B767295E67B9}"=CP_Package_Variety2
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}"=Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}"=Readme
"{93E5A317-24EC-4744-812C-16FECFE86E6A}"=CP_Package_Variety1
"{95120000-00AF-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}"=LightScribe 1.4.105.1
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}"=ScannerCopy
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}"=InstantShareDevices
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}"=Microsoft .NET Framework 3.0 Service Pack 2
"{A8D91906-4032-4443-8C49-69F90E38F39D}"=2570
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}"=cp_PosterPrintConfig
"{B276997E-4367-4b1b-A39C-4CAE7464337A}"=AiO_Scan_CDA
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}"=PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}"=Fax_CDA
"{B6286A44-7505-471A-A72B-04EC2DB2F442}"=CueTour
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}"=AiOSoftwareNPI
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}"=CP_Panorama1Config
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BBF84B6A-DA3E-4302-997A-00D5490D70B0}"=Microsoft DirectX SDK (June 2007)
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}"=Netflix Movie Viewer
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}"=Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}"=Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}"=PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}"=cp_UpdateProjectsConfig
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}"=Scan
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}"=Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}"=Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D8087907-E255-3A41-A46D-D0F798709C71}"=Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}"=HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}"=HpSdpAppCoreApp
"{DC19E750-988B-4005-A355-85EF66055EFE}"=Works Suite OS Pack
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E110480C-5C8D-46F5-A9FE-D680E51E0D0A}"=Rhabot
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}"=HPProductAssistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA103B64-C0E4-4C0E-A506-751590E1653D}"=SolutionCenter
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}"=CP_CalendarTemplates1
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}"=2570Trb
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}"=Status
"{F5E87B12-3C27-452F-8E78-21D42164FD83}"=Microsoft SQL Server 2008 Management Objects
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}"=HP DigitalMedia Archive
"{FB15E224-67C3-491F-9F5C-F257BC418412}"=Destinations
"12133444-BF36-4d4e-B7FB-A3424C645DE4"=GemMaster Mystic
"7-Zip"=7-Zip 4.60 beta
"Adobe Shockwave Player"=Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58"=Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"Advanced Batch Converter"=Advanced Batch Converter
"AwayMode160"=Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F"=Otto
"Blender"=Blender (remove only)
"Cheat Engine 5.4_is1"=Cheat Engine 5.4
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1"=Data Fax SoftModem with SmartCP
"Combat Arms"=Combat Arms
"Creative Media Lite"=Creative Media Lite
"Ewisoft Website Builder (include eCommerce Builder)_is1"=Ewisoft Website Builder (include eCommerce Builder) Version 4.3
"FBX Plugin 2009.0 for Max 2009"=FBX Plugin 2009.0 for Max 2009
"Hamachi"=Hamachi 1.0.3.0
"HeidiSQL_is1"=HeidiSQL 3.2
"HijackThis"=HijackThis 2.0.2
"HP Document Viewer"=HP Document Viewer 5.3
"HP Imaging Device Functions"=HP Imaging Device Functions 7.0
"HP Photo & Imaging"=HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC"=HP Photosmart for Media Center PC
"HP Solution Center & Imaging Support Tools"=HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities"=HP Extended Capabilities 5.3
"HPOOVClient-9972322 Uninstaller"=Updates from HP (remove only)
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ImageConverter Plus_is1"=ImageConverter Plus 7.1
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}"=PhotoImpact X3
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}"=Customer Experience Enhancement
"IrfanView"=IrfanView (remove only)
"KLiteCodecPack_is1"=K-Lite Codec Pack 4.1.7 (Full)
"Lords of Magic Special Edition"=Lords of Magic Special Edition
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1"=Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU"=Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (2.0.0.17)"=Mozilla Firefox (2.0.0.17)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"PacSteamT"=PacSteamT
"PC-Doctor 5 for Windows"=PC-Doctor 5 for Windows
"PowerISO"=PowerISO
"PremiumSoft Navicat 8.0 Lite for MySQL_is1"=PremiumSoft Navicat 8.0 Lite for MySQL
"Python 2.2.2"=Python 2.2.2
"Python 2.2.3"=Python 2.2.3
"pywin32-py2.2"=Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0"=RealPlayer
"ShockwaveFlash"=Macromedia Flash Player 8
"SQLyog Enterprise"=SQLyog Enterprise Trial 7.11
"Steam App 240"=Counter-Strike: Source
"Steam App 400"=Portal
"Steam App 4000"=Garry's Mod
"Steam App 7940"=Call of Duty 4: Modern Warfare
"SystemRequirementsLab"=System Requirements Lab
"TVAnts 1.0"=TVAnts 1.0
"Virtools3DLifePlayer"=Virtools 3D Life Player
"VisualVision_iper_oneSite_lite_e.exe"=Visual Vision iper_oneSite_lite_e
"VLC media player"=VideoLAN VLC media player 0.8.6i
"WIC"=Windows Imaging Component
"WinAce Archiver"=WinAce Archiver
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinGimp-2.0_is1"=GIMP 2.4.6
"WinPcapInst"=WinPcap 4.0.2
"WinRAR archiver"=WinRAR archiver
"winscp3_is1"=WinSCP 3.7.4
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"World of Warcraft"=World of Warcraft
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"ZENStonePlusUG"=Creative ZEN Stone Plus User's Guide

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2008 5:28:51 PM | Computer Name = LENA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/19/2008 5:28:51 PM | Computer Name = LENA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/19/2008 5:29:17 PM | Computer Name = LENA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/19/2008 5:29:17 PM | Computer Name = LENA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/19/2008 7:12:17 PM | Computer Name = LENA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/19/2008 7:12:17 PM | Computer Name = LENA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/19/2008 7:19:27 PM | Computer Name = LENA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/19/2008 7:19:27 PM | Computer Name = LENA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/19/2008 7:31:01 PM | Computer Name = LENA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/19/2008 7:31:01 PM | Computer Name = LENA | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 10/19/2008 7:20:21 PM | Computer Name = LENA | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Unauthorized Change Prevention Service service depends
on the tmactmon service which failed to start because of the following error: %%1075

Error - 10/19/2008 7:40:28 PM | Computer Name = LENA | Source = Service Control Manager | ID = 7003
Description = The tmactmon service depends on the following nonexistent service:
tmevtmgr

Error - 10/19/2008 7:40:28 PM | Computer Name = LENA | Source = Service Control Manager | ID = 7003
Description = The tmactmon service depends on the following nonexistent service:
tmevtmgr

Error - 10/19/2008 7:40:28 PM | Computer Name = LENA | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Unauthorized Change Prevention Service service depends
on the tmactmon service which failed to start because of the following error: %%1075

Error - 10/19/2008 7:40:28 PM | Computer Name = LENA | Source = Service Control Manager | ID = 7003
Description = The tmactmon service depends on the following nonexistent service:
tmevtmgr

Error - 10/19/2008 7:40:28 PM | Computer Name = LENA | Source = Service Control Manager | ID = 7003
Description = The tmactmon service depends on the following nonexistent service:
tmevtmgr

Error - 10/19/2008 7:40:28 PM | Computer Name = LENA | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Unauthorized Change Prevention Service service depends
on the tmactmon service which failed to start because of the following error: %%1075

Error - 10/19/2008 7:40:59 PM | Computer Name = LENA | Source = Service Control Manager | ID = 7003
Description = The tmactmon service depends on the following nonexistent service:
tmevtmgr

Error - 10/19/2008 7:40:59 PM | Computer Name = LENA | Source = Service Control Manager | ID = 7003
Description = The tmactmon service depends on the following nonexistent service:
tmevtmgr

Error - 10/19/2008 7:40:59 PM | Computer Name = LENA | Source = Service Control Manager | ID = 7001
Description = The Trend Micro Unauthorized Change Prevention Service service depends
on the tmactmon service which failed to start because of the following error: %%1075


< End of report >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A process called "System Idle Process". It uses 98 - 99 CPU.

I have a few Windows disks, but I am not sure which you mean.

Thanks!

#15 Farbar

  • Security Developer
  • Location:The Netherlands

Posted 19 October 2008 - 07:22 PM

A process called "System Idle Process". It uses 98 - 99 CPU.


It indicates the free percentage of CPU. This means the processes at the time of the check use 1 to 2 % of the CPU, which is very normal.

I have a few Windows disks, but I am not sure which you mean.


I was not specific; I meant the Windows installation CD.

I am going to go through the log tomorrow, as it is too late here.

