Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My computer is sending out spam


  • This topic is locked This topic is locked
14 replies to this topic

#1 Kylok

Kylok

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 10 December 2008 - 12:25 AM

Hello all,

I recently got an e-mail from a network security guy in charge of the internet on my college campus; apparently, my computer sent out (or tried to send) over 13,000 e-mails over the weekend without my knowledge. I spent the day today trying to isolate the problem, but I'm not having much luck. I performed several different anti-virus sweeps (Norton, Avast, AVG), but none of them solved the problem. (I can now monitor the outgoing e-mails with AVG or Avast, but I can't stop them..)

I suspect the e-mails are going through Outlook Express (or using it in some way), since I'm getting AVG responses in OE now for every failed e-mail sent. I ran ComboFix (after seeing a few similar problems on this forum), and it seemed to find a few things, but the problem persists.

Here are my RSIT logs:



LOG.TXT
----------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-12-10 00:03:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (4%) free of 230 GB
Total RAM: 3582 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:47 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\hphmon04.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dictionary.com Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Email Monitor] rundll32 EmailMonitor.dll, DoAutoRun
O4 - HKLM\..\RunOnce: [EmailSupervisor] unmail.exe -remove
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168290454375
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 17037 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPCeeSchedule.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11359F4A-B191-42d7-905A-594F8CF0387B}]
Dictionary.com - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll [2003-02-06 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-11-11 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-09 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-04-13 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-29 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-09 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-04 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-29 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{11359F4A-B191-42D7-905A-594F8CF0387B} - Dictionary.com - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll [2003-02-06 270336]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Dictionary.com Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-11-11 333192]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-09 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-08-29 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2002-11-22 348160]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2004-12-14 176128]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-29 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-09 1261336]
"Email Monitor"=rundll32 EmailMonitor.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"EmailSupervisor"=unmail.exe -remove []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2005-10-07 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe [2008-02-07 718704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2006-12-20 36903]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hjr11.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hjr11.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25e961ee-c859-11dc-a97a-0018f3df190a}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7513a7a7-a510-11db-a7f3-0018f3df190a}]
shell\Setup\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e53ce6-a1f5-11dc-a942-0018f3df190a}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97623150-97d3-11db-a7de-0018f3df190a}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6138f9c-7473-11dd-a9f5-0018f3df190a}]
shell\Setup\command - K:\setup.exe


======File associations======

.js - edit -
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-12-10 00:03:39 ----D---- C:\rsit
2008-12-09 22:05:16 ----SHD---- C:\RECYCLER
2008-12-09 21:37:30 ----A---- C:\ComboFix.txt
2008-12-09 21:13:46 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-09 21:13:45 ----A---- C:\WINDOWS\zip.exe
2008-12-09 21:13:45 ----A---- C:\WINDOWS\SWREG.exe
2008-12-09 21:13:45 ----A---- C:\WINDOWS\grep.exe
2008-12-09 21:13:44 ----A---- C:\WINDOWS\VFIND.exe
2008-12-09 21:13:44 ----A---- C:\WINDOWS\sed.exe
2008-12-09 21:13:44 ----A---- C:\WINDOWS\fdsv.exe
2008-12-09 21:13:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-09 21:13:43 ----A---- C:\WINDOWS\SWSC.exe
2008-12-09 21:13:40 ----D---- C:\WINDOWS\ERDNT
2008-12-09 21:13:40 ----D---- C:\Qoobox
2008-12-09 19:01:12 ----D---- C:\Program Files\Trend Micro
2008-12-09 18:57:25 ----D---- C:\Program Files\SpywareBlaster
2008-12-09 18:20:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\TrojanHunter
2008-12-09 18:18:08 ----A---- C:\WINDOWS\system32\unhttp.exe
2008-12-09 18:15:24 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-12-09 18:15:24 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-09 17:17:25 ----A---- C:\WINDOWS\system32\unmail.exe
2008-12-09 17:17:19 ----D---- C:\Program Files\Email Monitor
2008-12-09 17:12:48 ----HD---- C:\$AVG8.VAULT$
2008-12-09 15:50:55 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-09 15:50:51 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-09 15:50:45 ----D---- C:\Program Files\AVG
2008-12-09 15:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-09 15:07:04 ----D---- C:\WINDOWS\BDOSCAN8
2008-12-09 14:23:24 ----D---- C:\WINDOWS\Prefetch
2008-12-09 04:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 04:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 04:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 04:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 04:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 04:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 04:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 04:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 04:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 04:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-09 04:21:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 04:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 04:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-09 04:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 04:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 04:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 04:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 04:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\en
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\bits
2008-12-09 04:16:01 ----D---- C:\WINDOWS\l2schemas
2008-12-09 04:13:51 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 04:09:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 00:33:44 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-09 00:33:43 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 00:33:42 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-09 00:33:42 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-09 00:33:38 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 00:33:38 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 00:33:36 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 00:33:35 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 00:33:34 ----N---- C:\WINDOWS\slrundll.exe
2008-12-09 00:33:33 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-09 00:33:29 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-12-09 00:33:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 00:33:25 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 00:33:18 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-12-09 00:33:14 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 00:33:14 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 00:33:09 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-09 00:33:08 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-09 00:33:07 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-12-09 00:33:05 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 00:33:04 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 00:33:04 ----A---- C:\WINDOWS\003116_.tmp
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 00:33:00 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 00:32:59 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 00:32:57 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 00:32:57 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 00:32:55 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-08 11:02:19 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-08 11:02:17 ----D---- C:\Program Files\Alwil Software
2008-12-08 10:45:46 ----D---- C:\Program Files\Norton Security Scan
2008-12-08 08:29:42 ----D---- C:\Program Files\Sophie Reader
2008-12-07 02:16:56 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 02:16:55 ----D---- C:\Program Files\iTunes
2008-12-07 02:15:36 ----D---- C:\Program Files\QuickTime
2008-11-30 04:08:34 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-11-30 04:07:57 ----D---- C:\Program Files\NCH Swift Sound
2008-11-30 01:19:11 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Sophie
2008-11-29 22:48:07 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\NCH Software
2008-11-29 22:47:47 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-11-29 22:47:36 ----D---- C:\Program Files\NCH Software
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\java.exe
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-29 20:27:25 ----D---- C:\Program Files\Sophie
2008-11-19 00:16:43 ----D---- C:\Program Files\Google Video
2008-11-17 20:43:49 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-11-17 00:16:28 ----D---- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-11-17 00:16:28 ----A---- C:\WINDOWS\system32\sysprs7.dll
2008-11-17 00:16:28 ----A---- C:\WINDOWS\system32\clauth2.dll
2008-11-17 00:16:28 ----A---- C:\WINDOWS\system32\clauth1.dll
2008-11-15 06:47:26 ----D---- C:\Program Files\CamStudio
2008-11-15 06:29:49 ----D---- C:\Tmp
2008-11-13 16:27:43 ----D---- C:\Program Files\AskBarDis
2008-11-13 03:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-13 03:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-13 03:00:32 ----D---- C:\Program Files\MSXML 4.0
2008-11-12 18:19:31 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\PLT Scheme
2008-11-12 18:04:58 ----D---- C:\Program Files\PLT

======List of files/folders modified in the last 1 months======

2008-12-10 00:03:46 ----D---- C:\WINDOWS\Temp
2008-12-09 23:51:46 ----A---- C:\WINDOWS\setuplog.txt
2008-12-09 21:37:38 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 21:37:38 ----D---- C:\WINDOWS\system32
2008-12-09 21:37:32 ----D---- C:\WINDOWS
2008-12-09 21:20:20 ----A---- C:\WINDOWS\system.ini
2008-12-09 21:17:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 21:16:42 ----D---- C:\WINDOWS\system32\config
2008-12-09 21:15:50 ----D---- C:\WINDOWS\AppPatch
2008-12-09 21:15:50 ----D---- C:\Program Files\Common Files
2008-12-09 21:14:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 20:48:21 ----D---- C:\Program Files
2008-12-09 18:38:37 ----SHD---- C:\WINDOWS\Installer
2008-12-09 18:37:24 ----HD---- C:\WINDOWS\inf
2008-12-09 18:37:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-09 18:36:17 ----D---- C:\Program Files\Common Files\AOL
2008-12-09 18:36:17 ----D---- C:\Program Files\AOL
2008-12-09 18:27:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 15:48:34 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-12-09 15:07:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 14:26:56 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 14:21:33 ----D---- C:\Program Files\Messenger
2008-12-09 14:21:32 ----SD---- C:\WINDOWS\Fonts
2008-12-09 14:21:32 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 14:21:32 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 04:26:15 ----D---- C:\WINDOWS\security
2008-12-09 04:23:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 04:22:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-09 04:16:14 ----D---- C:\WINDOWS\WinSxS
2008-12-09 04:16:06 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 04:16:06 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 04:16:06 ----D---- C:\WINDOWS\Help
2008-12-09 04:16:05 ----D---- C:\WINDOWS\ime
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\en-US
2008-12-09 04:16:00 ----D---- C:\WINDOWS\PeerNet
2008-12-09 04:16:00 ----D---- C:\Program Files\Movie Maker
2008-12-09 04:13:44 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 04:13:43 ----D---- C:\WINDOWS\system32\npp
2008-12-09 04:13:43 ----D---- C:\WINDOWS\mui
2008-12-09 04:13:42 ----D---- C:\WINDOWS\msagent
2008-12-09 04:13:41 ----D---- C:\WINDOWS\srchasst
2008-12-09 04:13:39 ----D---- C:\Program Files\NetMeeting
2008-12-09 04:13:38 ----D---- C:\WINDOWS\system32\Com
2008-12-09 04:13:35 ----D---- C:\Program Files\Windows NT
2008-12-09 04:13:35 ----D---- C:\Program Files\Windows Media Player
2008-12-09 04:13:35 ----D---- C:\Program Files\Outlook Express
2008-12-09 04:13:33 ----D---- C:\Program Files\Common Files\System
2008-12-09 04:13:21 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 04:13:19 ----D---- C:\WINDOWS\system
2008-12-09 04:10:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 04:09:40 ----D---- C:\WINDOWS\ehome
2008-12-09 01:26:23 ----D---- C:\Program Files\EverQuest
2008-12-09 00:20:50 ----D---- C:\WINDOWS\Debug
2008-12-08 19:14:44 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-08 10:50:15 ----D---- C:\Program Files\Symantec
2008-12-08 10:50:13 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-08 10:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-08 10:45:48 ----SD---- C:\WINDOWS\Tasks
2008-12-07 02:16:58 ----D---- C:\Program Files\iPod
2008-12-07 02:16:57 ----D---- C:\Program Files\Common Files\Apple
2008-12-06 01:38:40 ----D---- C:\Program Files\FlashGet
2008-12-04 04:44:20 ----D---- C:\Program Files\Mozilla Firefox
2008-11-29 20:38:37 ----D---- C:\Program Files\Java
2008-11-17 20:44:18 ----D---- C:\Program Files\AIM6
2008-11-17 20:42:47 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-11-15 07:43:12 ----D---- C:\Fraps
2008-11-15 07:42:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-13 03:06:51 ----A---- C:\WINDOWS\system32\MRT.INI
2008-11-13 03:01:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-12 04:14:00 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-12-30 43672]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-09 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-09 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-09 90632]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 P1100C_CT_CDI;Creative PD1100C HAL Service; C:\WINDOWS\system32\DRIVERS\P1100cCd.sys [2003-01-21 3392]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-10-07 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-10-07 438784]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-10-07 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-10-07 142336]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-05-16 229376]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-10-07 77824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2005-10-07 751616]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2005-10-07 178688]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-10-07 114688]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20071204.002\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112]
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-11-22 50276]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2005-10-07 153088]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 21888]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080328.003\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080328.003\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 P1100CVD;Vibra WebCam; C:\WINDOWS\system32\DRIVERS\P1100cVd.sys [2003-01-22 295260]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2007-01-01 162816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-06 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-09 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-09 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-29 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-08-17 61440]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 MA_CMIDI_InstallerService;M-Audio CMIDI Installer; C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe [2005-09-28 94208]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-25 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-04-13 1245064]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-12 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------







INFO.TXT
-------------

info.txt logfile of random's system information tool 1.04 2008-12-10 00:03:49

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy4\Program\SETUP.EXE" /S /U /W
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\WEBDELC.EXE -[WebCam Control
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44267176-A318-447F-A62A-0A5FD608C34F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55F63529-9E2F-46C0-A22C-8445B670BCFA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{55F63529-9E2F-46C0-A22C-8445B670BCFA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\5ac697db6c6103f6f8b5198d25f73f7\Setup.exe
Add or Remove Adobe Creative Suite 3 Web Standard-->C:\Program Files\Common Files\Adobe\Installers\2bd2f2898f4adf51f1cbb829561bb29\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Third Party Content-->C:\Program Files\Common Files\Adobe\Installers\3675c95c239b992d5d0ee8fce969b9e\Setup.exe
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{0CEC06EF-5052-4CE8-8256-74AE363A4238}
Adobe Creative Suite 3 Web Standard-->MsiExec.exe /I{9A7A2EBB-3029-493A-8004-2FF7B3A7FF8A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{004685F7-9FB6-4789-812F-59ABB34A55AF}
Adobe Setup-->MsiExec.exe /I{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{707D2B5A-03CA-4632-A9D2-D484C6E9F3FE}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Auto Gordian Knot 2.45-->C:\Program Files\AutoGK\uninst.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS Cover Editor 1.3.1.81 (AVSMedia)-->"C:\Program Files\AVSMedia\CoverEditor\unins000.exe"
AVS DVD Copy version 1.4-->"C:\Program Files\AVSMedia\DVDCopy\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Cisco Systems VPN Client 5.0.01.0600-->MsiExec.exe /X{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Creative WebCam Control-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\WebCam Control\DeIsL1.isu"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Dictionary.com Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
East West EWQLSO PRO XP Gold-->C:\PROGRA~1\EASTWE~1\EWQLSO~2\UNWISE.EXE C:\PROGRA~1\EASTWE~1\EWQLSO~2\INSTALL.LOG
Email Monitor 2.1-->C:\WINDOWS\system32\unmail.exe
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Express Rip-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
Finale NotePad 2007-->C:\Program Files\Finale NotePad 2007\uninstallNP.exe
FlashGet 1.9.4.1063-->C:\Program Files\FlashGet\uninst.exe
Fraps-->"C:\Fraps\uninstall.exe"
Free Video to Flash Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to Flash Converter\unins000.exe"
Free Videos To DVD V2.1-->"C:\Program Files\Videos To DVD\unins000.exe"
FX Teleport-->"C:\Program Files\FX Teleport\Uninstall.exe" "C:\Program Files\FX Teleport\install.log"
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Google Video Uploader-->"C:\Program Files\Google Video\Uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Support Overview-->"C:\WINDOWS\unins000.exe"
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Jitter 1.6.2-->MsiExec.exe /I{62FACD80-FFB6-4BB3-94AD-ED5FDD6832CC}
Kanji Trainer Penpen-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Penpen\UnInst.log" "/APPNAME=Kanji Trainer Penpen"
Legends of Norrath-->"C:\Program Files\InstallShield Installation Information\{D7A89413-FB45-4ECE-A893-32DC87F45554}\setup.exe" -runfromtemp -l0x0009 -removeonly
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MA_CMIDI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly
MaxMSP 4.6.2-->MsiExec.exe /I{EBA35AD5-FE7A-40DE-9408-2B5C9DD8088C}
MediaFACE II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}\setup.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Image Composer 1.5-->C:\Program Files\Microsoft Image Composer\setup\acmsetup.exe /t setup.stf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MiKTeX 2.7-->"C:\Program Files\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.7\miktex\config\uninstall.dat"
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSConfig CleanUp 1.2-->"C:\Program Files\MSConfig CleanUp\UninsHs.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Nintendo Wi-Fi USB Connector Registration Tool-->C:\Program Files\WiFiConnector\SoftAPUninst.exe
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{7E819CE5-2C41-4C8D-BAF0-B49CC65C5562}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{7E819CE5-2C41-4C8D-BAF0-B49CC65C5562}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Panda3D 1.5.3-->"C:\Panda3D-1.5.3\uninst.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photosmart 130,230,7150,7345,7350,7550 (Remove only)-->C:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
PLT Scheme v4.1.2-->"C:\Program Files\PLT\Uninstall.exe"
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Python 2.5 pygame-1.8.1-->MsiExec.exe /I{B89211A0-5C81-11DD-8757-000ACD11CAF7}
Python 2.5.2-->MsiExec.exe /I{6B976ADF-8AE8-434E-B282-A06C7F624D2F}
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sibelius v3.0-->C:\PROGRA~1\SIBELI~1\SIBELI~1\UNWISE.EXE C:\PROGRA~1\SIBELI~1\SIBELI~1\INSTALL.LOG
Skype 3.1-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SmartFTP Client-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sophie Reader-->"C:\Program Files\Sophie Reader\uninstall.exe"
Sophie-->"C:\Program Files\Sophie\uninstall.exe"
Sound Blaster Audigy 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8AD6CB8-DE96-43FA-9B73-5FB873DD1CAE}\setup.exe" -l0x9 /remove
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg Cubase SX v2.2.0.33-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
SWI-Prolog (remove only)-->"C:\Program Files\pl\uninstall.exe"
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
TeXnicCenter Version 1 Beta 7.01 (Greengrass)-->"C:\Program Files\TeXnicCenter\unins000.exe"
TortoiseSVN 1.5.3.13783 (32 bit)-->MsiExec.exe /X{8922F418-1066-4FED-AF92-278EAF8DE5B2}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Vanguard: Saga of Heroes-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{42B80790-B68D-40D1-A5A0-531A7DD27D9E}\setup.exe" -l0x9 -removeonly
Vibra WebCam Driver (1.00.04.0124)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd1100c.uns -unsext NT -plugin P1100cpn.dll -pluginres P1100cpn.crl
Vibra WebCam Manual (English)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Vibra WebCam Manual\English\CTManual.isu"
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WebCam Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\SETUP.EXE" -l0x9 /remove
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"

=====HijackThis Backups=====

O20 - AppInit_DLLs: avgrsstx.dll

======Security center information======

AV: AVG Anti-Virus
AV: avast! antivirus 4.8.1229 [VPS 080923-0] (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\MiKTeX 2.7\miktex\bin;c:\Python22;C:\Program Files\TortoiseSVN\bin;C:\Panda3D-1.5.3\python;C:\Panda3D-1.5.3\bin;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------








Let me know if you'd like to see my ComboFix log.

Thanks in advance..

BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:17 AM

Posted 17 December 2008 - 07:32 AM

Hello Kylok

Welcome to BleepingComputer :thumbsup:
========================
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Avast.
================================
Yes please post the Combofix log and also do the following:

Download GMER from Here :
Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

Edited by kahdah, 17 December 2008 - 07:34 AM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 Kylok

Kylok
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 17 December 2008 - 02:57 PM

Thanks for the reply kahdah!

I get the following error when trying to access the link you posted:

-----
Not Found
The requested URL /suspended.page/ was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
-----

I get the same error when just trying to access www.gmer.net, so perhaps the site is temporarily down..? Is there any other site I can download it from?

I'm currently out of the house on my laptop, so I won't be able to run the scan on my infected desktop until tonight (5 hours or so) anyway, so I'll check again then. In the meantime, I have a copy of my ComboFix log. I ran this before the RSIT scan I posted:



-----
ComboFix 08-12-07.04 - HP_Administrator 2008-12-09 21:14:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2878 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\Psr88.sys
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PSR88
-------\Service_Psr88


((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-09 19:01 . 2008-12-09 19:01 <DIR> d-------- c:\program files\Trend Micro
2008-12-09 18:57 . 2008-12-09 19:00 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-09 18:43 . 2008-12-09 18:45 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-12-09 18:20 . 2008-12-09 18:20 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\TrojanHunter
2008-12-09 18:18 . 2008-12-09 18:29 46,878 --a------ c:\windows\system32\unhttp.exe
2008-12-09 18:15 . 2008-12-09 18:38 <DIR> d-------- c:\program files\TrojanHunter 5.0
2008-12-09 17:17 . 2008-12-09 17:17 <DIR> d-------- c:\program files\Email Monitor
2008-12-09 17:17 . 2008-12-09 18:18 46,880 --a------ c:\windows\system32\unmail.exe
2008-12-09 17:12 . 2008-12-09 19:21 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-09 15:50 . 2008-12-09 15:53 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-09 15:50 . 2008-12-09 15:50 <DIR> d-------- c:\program files\AVG
2008-12-09 15:50 . 2008-12-09 15:56 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-09 15:50 . 2008-12-09 21:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-09 15:50 . 2008-12-09 15:50 98,440 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-09 15:50 . 2008-12-09 15:50 90,632 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-09 15:50 . 2008-12-09 15:50 12,936 --a------ c:\windows\system32\drivers\avgrkx86.sys
2008-12-09 15:50 . 2008-12-09 15:50 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-09 15:07 . <DIR> c:\windows\LastGood.Tmp
2008-12-09 15:07 . 2008-12-09 15:32 <DIR> d-------- c:\windows\BDOSCAN8
2008-12-09 04:16 . 2008-12-09 04:16 <DIR> d-------- c:\windows\system32\scripting
2008-12-09 04:16 . 2008-12-09 04:16 <DIR> d-------- c:\windows\system32\en
2008-12-09 04:16 . 2008-12-09 04:16 <DIR> d-------- c:\windows\system32\bits
2008-12-09 04:16 . 2008-12-09 04:16 <DIR> d-------- c:\windows\l2schemas
2008-12-09 04:13 . 2008-12-09 04:16 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-09 00:32 . 2008-04-13 19:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
2008-12-08 11:02 . 2008-12-08 11:02 <DIR> d-------- c:\program files\Alwil Software
2008-12-08 10:45 . 2008-12-08 20:00 <DIR> d-------- c:\program files\Norton Security Scan
2008-12-08 08:29 . 2008-12-08 08:30 <DIR> d-------- c:\program files\Sophie Reader
2008-12-07 02:16 . 2008-12-07 02:17 <DIR> d-------- c:\program files\iTunes
2008-12-07 02:16 . 2008-12-07 02:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 02:15 . 2008-12-07 02:15 <DIR> d-------- c:\program files\QuickTime
2008-11-30 04:08 . 2008-11-30 04:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-30 04:07 . 2008-11-30 04:07 <DIR> d-------- c:\program files\NCH Swift Sound
2008-11-30 01:19 . 2008-12-08 08:42 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Sophie
2008-11-29 22:48 . 2008-11-29 22:48 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\NCH Software
2008-11-29 22:47 . 2008-11-30 04:08 <DIR> d-------- c:\program files\NCH Software
2008-11-29 22:47 . 2008-11-29 22:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\NCH Software
2008-11-29 20:38 . 2008-11-29 20:38 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-29 20:27 . 2008-11-29 20:27 <DIR> d-------- c:\program files\Sophie
2008-11-19 00:16 . 2008-11-19 00:16 <DIR> d-------- c:\program files\Google Video
2008-11-17 20:43 . 2008-11-17 20:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-17 00:16 . 2008-11-17 00:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2008-11-17 00:16 . 2008-11-17 00:16 1,025 --a------ c:\windows\system32\sysprs7.tgz
2008-11-17 00:16 . 2008-11-17 00:16 1,025 --a------ c:\windows\system32\sysprs7.dll
2008-11-17 00:16 . 2008-11-17 00:16 1,025 --a------ c:\windows\system32\clauth2.dll
2008-11-17 00:16 . 2008-11-17 00:16 1,025 --a------ c:\windows\system32\clauth1.dll
2008-11-17 00:16 . 2008-11-17 00:16 219 --a------ c:\windows\system32\lsprst7.tgz
2008-11-17 00:16 . 2008-11-17 00:16 87 --a------ c:\windows\system32\ssprs.tgz
2008-11-15 06:47 . 2008-11-15 07:26 <DIR> d-------- c:\program files\CamStudio
2008-11-15 06:29 . 2008-11-15 06:29 <DIR> d-------- C:\Tmp
2008-11-13 16:27 . 2008-11-13 16:28 <DIR> d-------- c:\program files\AskBarDis
2008-11-13 03:00 . 2008-11-13 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-12 23:16 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:19 . 2008-11-17 20:48 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\PLT Scheme
2008-11-12 18:04 . 2008-11-12 18:06 <DIR> d-------- c:\program files\PLT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 23:36 --------- d-----w c:\program files\Common Files\AOL
2008-12-09 09:19 208,896 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
2008-12-09 09:18 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-12-09 09:18 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-12-09 09:18 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-12-09 09:18 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-12-09 09:18 341,048 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
2008-12-09 09:18 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-12-09 09:18 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-12-09 09:18 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-12-09 06:26 --------- d-----w c:\program files\EverQuest
2008-12-09 00:14 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-08 15:50 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-12-08 15:50 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2008-12-08 15:50 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-08 15:50 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-08 15:50 --------- d-----w c:\program files\Symantec
2008-12-08 15:47 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-07 07:16 --------- d-----w c:\program files\iPod
2008-12-07 07:16 --------- d-----w c:\program files\Common Files\Apple
2008-12-06 06:38 --------- d-----w c:\program files\FlashGet
2008-11-30 01:38 --------- d-----w c:\program files\Java
2008-11-18 01:44 --------- d-----w c:\program files\AIM6
2008-11-18 01:42 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-17 07:11 11,532 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-15 12:42 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-12 09:14 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\dvdcss
2008-10-31 22:00 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Skype
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-13 16:05 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\xpce
2008-10-13 15:31 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\SWI-Prolog
2008-10-13 15:27 --------- d-----w c:\program files\pl
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-11 17:00 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-11-11 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-11-11 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-08-29 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-09 1261336]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]
"Email Monitor"="EmailMonitor.dll" [2006-01-18 c:\windows\system32\EmailMonitor.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-09-23 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"midi1"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hjr11.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 15:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-10-17 15:52 51048 c:\program files\Common Files\Symantec Shared\CCAPP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 15:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-15 18:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2008-02-07 01:49 718704 c:\program files\Norton Internet Security\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 18:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-13 22:23 663552 c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-13 14:57 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 04:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-10-07 13:08 16384 c:\windows\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-02 21:46 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-12-09 12936]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-08 78416]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-09 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-09 90632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-08 20560]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-09 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-09 231704]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-01-25 149352]
R2 P1100C_CT_CDI;Creative PD1100C HAL Service;c:\windows\system32\DRIVERS\P1100cCd.sys [2007-01-18 3392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-02-15 24652]
S0 Hjr11;Hjr11;c:\windows\system32\Drivers\Hjr11.sys []
S3 P1100CVD;Vibra WebCam;c:\windows\system32\DRIVERS\P1100cVd.sys [2007-01-18 295260]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25e961ee-c859-11dc-a97a-0018f3df190a}]
\shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e53ce6-a1f5-11dc-a942-0018f3df190a}]
\shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6138f9c-7473-11dd-a9f5-0018f3df190a}]
\shell\Setup\command - K:\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-23 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-08 15:22]

2008-12-09 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 09:05]

2008-12-08 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Gut33.sys


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Search &Dictionary - c:\program files\Lexico\Toolbar\dictionary.htm
IE: Search &Thesaurus - c:\program files\Lexico\Toolbar\thesaurus.htm
FireFox -: Profile - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\zt3w8fkn.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 21:20:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-12-09 21:37:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 02:37:23

Pre-Run: 9,026,777,088 bytes free
Post-Run: 8,924,344,320 bytes free

385 --- E O F --- 2008-12-09 09:22:35

#4 Kylok

Kylok
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 17 December 2008 - 11:00 PM

Hello again,

I uninstalled Avast based on your suggestion to only have one antivirus program active at once.

One more thing worth noting: when I leave my infected computer idle for long stretches of time, I sometimes return to an AVG warning that 'Rootkit.Agent.AV' has been found. I've 'Quarantined' and 'Healed' it, but it has continued to happen. (EDIT: This happened before uninstalling Avast, so maybe it was the result of having two simultaneously running AV programs..)

The GMER site is now accessible (for whatever reason), and I just finished the scan. Here are the results:


-----

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-17 22:47:06
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 8993E938 ZwAlertResumeThread
SSDT 8A1B9410 ZwAlertThread
SSDT 8A7D06A8 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwClose [0xA9379618]
SSDT 8A6681E8 ZwConnectPort
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwCreateKey [0xA93794D4]
SSDT 8A597430 ZwCreateMutant
SSDT 8A54ABE0 ZwCreateThread
SSDT 8A349BE0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA95AB130]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDeleteValueKey [0xA93799B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwDuplicateObject [0xA93790AC]
SSDT 8A753BB0 ZwFreeVirtualMemory
SSDT 8A228EC8 ZwImpersonateAnonymousToken
SSDT 8A2EEEC8 ZwImpersonateThread
SSDT 8A231F70 ZwMapViewOfSection
SSDT 8A22BEC8 ZwOpenEvent
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenKey [0xA93795AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenProcess [0xA9378FEC]
SSDT 8A203EB0 ZwOpenProcessToken
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwOpenThread [0xA9379050]
SSDT 8A359CF0 ZwOpenThreadToken
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwQueryValueKey [0xA93796CE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwRestoreKey [0xA937968E]
SSDT 8A42F1B8 ZwResumeThread
SSDT 8A1BE4B0 ZwSetContextThread
SSDT 8A1CFF38 ZwSetInformationProcess
SSDT 8A2BABB0 ZwSetInformationThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS ZwSetValueKey [0xA937980E]
SSDT 8A262B60 ZwSuspendProcess
SSDT 8A79DC28 ZwSuspendThread
SSDT 8A6C4128 ZwTerminateProcess
SSDT 8A1AD4B0 ZwTerminateThread
SSDT 8A1A0EC8 ZwUnmapViewOfSection
SSDT 8A7D0618 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? System32\Drivers\aswTdi.SYS The system cannot find the file specified. !
? System32\Drivers\aswSP.SYS The system cannot find the file specified. !
? System32\Drivers\Aavmker4.SYS The system cannot find the file specified. !
? system32\DRIVERS\aswFsBlk.sys The system cannot find the file specified. !
? System32\Drivers\aswMon2.SYS The system cannot find the file specified. !
? System32\Drivers\aswRdr.SYS The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[1400] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[1400] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{7DD3F40A-D355-6812-5F38C6DF25C81416}\{ABD6C561-23A4-DB1A-8071BFAD90F4BBA7}\{44979372-8107-77C6-62A4A40E954B2869}
Reg HKLM\SOFTWARE\Classes\CLSID\{7DD3F40A-D355-6812-5F38C6DF25C81416}\{ABD6C561-23A4-DB1A-8071BFAD90F4BBA7}\{44979372-8107-77C6-62A4A40E954B2869}@NRGWMBKEX6JVJKOMJV534JN2VE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x57 0xA9 0x6D 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}
Reg HKLM\SOFTWARE\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}@NRGWMBKEX6JVJKOMJV534JN2VE1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.14 ----


-----

I hope this provides some sort of insight.. however slight!

Edited by Kylok, 17 December 2008 - 11:05 PM.


#5 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:17 AM

Posted 18 December 2008 - 08:26 AM

Somewhat Gmer didn't show anything.
Combofix took out a hidden service and file.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
===============
ALso post a fresh Rsit log and well then let me know if you are still sending spam?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#6 Kylok

Kylok
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 18 December 2008 - 11:14 PM

kahdah,

MBAM log looks totally clean. I'm starting to think that my initial ComboFix scan actually did solve whatever the problem was. The reason I thought my computer was still sending e-mails is that I continued to get AVG 'Undelivered mail' messages in Outlook a few hours after the scan, but I think they might have been laggy responses to e-mails sent before the scan. I've kept my computer off the internet until now, but I'm going to keep it on for a while and see if I detect any more outgoing messages.

Here are the scan results, for reference:


-----

Malwarebytes' Anti-Malware 1.31
Database version: 1519
Windows 5.1.2600 Service Pack 3

12/18/2008 9:32:48 PM
mbam-log-2008-12-18 (21-32-48).txt

Scan type: Quick Scan
Objects scanned: 60117
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----

I'm running a 'full scan' now just in case, and when that's done I'll post another RSIT log. And I'll let you know if I notice any additional e-mails..

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:17 AM

Posted 18 December 2008 - 11:38 PM

OK let me know.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#8 Kylok

Kylok
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 19 December 2008 - 07:54 AM

I let MBAM run a full scan while I left the computer on all night (connected to the internet). It looks like it did find a few things, which may or may not be related to my problem. I had it fix/delete them and restarted my computer, then ran RSIT again. Here are both logs:


-----
Malwarebytes' Anti-Malware 1.31
Database version: 1519
Windows 5.1.2600 Service Pack 3

12/19/2008 7:30:54 AM
mbam-log-2008-12-19 (07-30-54).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 330231
Time elapsed: 1 hour(s), 57 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP482\A0058969.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP483\A0059079.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP485\A0059173.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP486\A0059265.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP487\A0059353.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP489\A0059462.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP491\A0059606.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP492\A0059742.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP494\A0059870.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP496\A0060123.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88E8F61A-B12E-4EC1-B170-429C575A3159}\RP517\A0061377.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
-----


-----
Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-12-19 07:45:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (5%) free of 230 GB
Total RAM: 3582 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:21 AM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\jre-6u11-windows-i586-p-iftw.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dictionary.com Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Email Monitor] rundll32 EmailMonitor.dll, DoAutoRun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168290454375
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16345 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPCeeSchedule.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11359F4A-B191-42d7-905A-594F8CF0387B}]
Dictionary.com - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll [2003-02-06 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-11-11 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-09 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-04-13 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-29 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-09 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-04 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-29 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{11359F4A-B191-42D7-905A-594F8CF0387B} - Dictionary.com - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll [2003-02-06 270336]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Dictionary.com Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-11-11 333192]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-09 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-08-29 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2002-11-22 348160]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2004-12-14 176128]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-29 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-09 1261336]
"Email Monitor"=rundll32 EmailMonitor.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2005-10-07 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe [2008-02-07 718704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2006-12-20 36903]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hjr11.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hjr11.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25e961ee-c859-11dc-a97a-0018f3df190a}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e53ce6-a1f5-11dc-a942-0018f3df190a}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6138f9c-7473-11dd-a9f5-0018f3df190a}]
shell\Setup\command - K:\setup.exe


======File associations======

.js - edit -
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-12-19 07:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-19 07:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-19 07:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-19 07:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-19 07:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-19 07:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-18 21:20:00 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-12-18 21:19:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-18 21:19:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-17 22:30:30 ----A---- C:\WINDOWS\gmer.ini
2008-12-17 22:30:29 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-17 22:30:29 ----A---- C:\WINDOWS\gmer.dll
2008-12-17 22:30:28 ----A---- C:\WINDOWS\gmer.exe
2008-12-10 00:03:39 ----D---- C:\rsit
2008-12-09 22:05:16 ----SHD---- C:\RECYCLER
2008-12-09 21:37:30 ----A---- C:\ComboFix.txt
2008-12-09 21:13:46 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-09 21:13:45 ----A---- C:\WINDOWS\zip.exe
2008-12-09 21:13:45 ----A---- C:\WINDOWS\SWREG.exe
2008-12-09 21:13:45 ----A---- C:\WINDOWS\grep.exe
2008-12-09 21:13:44 ----A---- C:\WINDOWS\VFIND.exe
2008-12-09 21:13:44 ----A---- C:\WINDOWS\sed.exe
2008-12-09 21:13:44 ----A---- C:\WINDOWS\fdsv.exe
2008-12-09 21:13:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-09 21:13:43 ----A---- C:\WINDOWS\SWSC.exe
2008-12-09 21:13:40 ----D---- C:\WINDOWS\ERDNT
2008-12-09 21:13:40 ----D---- C:\Qoobox
2008-12-09 19:01:12 ----D---- C:\Program Files\Trend Micro
2008-12-09 18:57:25 ----D---- C:\Program Files\SpywareBlaster
2008-12-09 18:20:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\TrojanHunter
2008-12-09 18:18:08 ----A---- C:\WINDOWS\system32\unhttp.exe
2008-12-09 18:15:24 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-12-09 18:15:24 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-09 17:17:25 ----A---- C:\WINDOWS\system32\unmail.exe
2008-12-09 17:17:19 ----D---- C:\Program Files\Email Monitor
2008-12-09 17:12:48 ----HD---- C:\$AVG8.VAULT$
2008-12-09 15:50:55 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-09 15:50:51 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-09 15:50:45 ----D---- C:\Program Files\AVG
2008-12-09 15:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-09 15:07:04 ----D---- C:\WINDOWS\BDOSCAN8
2008-12-09 14:23:24 ----D---- C:\WINDOWS\Prefetch
2008-12-09 04:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 04:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 04:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 04:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 04:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 04:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 04:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 04:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 04:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 04:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-09 04:21:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 04:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 04:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-09 04:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 04:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 04:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 04:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 04:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\en
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\bits
2008-12-09 04:16:01 ----D---- C:\WINDOWS\l2schemas
2008-12-09 04:13:51 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 04:09:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 00:33:44 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-09 00:33:43 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 00:33:42 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-09 00:33:42 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-09 00:33:38 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 00:33:38 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 00:33:36 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 00:33:35 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 00:33:34 ----N---- C:\WINDOWS\slrundll.exe
2008-12-09 00:33:33 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-09 00:33:29 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-12-09 00:33:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 00:33:25 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 00:33:18 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-12-09 00:33:14 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 00:33:14 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 00:33:09 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-09 00:33:08 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-09 00:33:07 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-12-09 00:33:05 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 00:33:04 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 00:33:04 ----A---- C:\WINDOWS\003116_.tmp
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 00:33:00 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 00:32:59 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 00:32:57 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 00:32:57 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 00:32:55 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-08 11:02:17 ----D---- C:\Program Files\Alwil Software
2008-12-08 10:45:46 ----D---- C:\Program Files\Norton Security Scan
2008-12-08 08:29:42 ----D---- C:\Program Files\Sophie Reader
2008-12-07 02:16:56 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 02:16:55 ----D---- C:\Program Files\iTunes
2008-12-07 02:15:36 ----D---- C:\Program Files\QuickTime
2008-11-30 04:08:34 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-11-30 04:07:57 ----D---- C:\Program Files\NCH Swift Sound
2008-11-30 01:19:11 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Sophie
2008-11-29 22:48:07 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\NCH Software
2008-11-29 22:47:47 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-11-29 22:47:36 ----D---- C:\Program Files\NCH Software
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\java.exe
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-29 20:27:25 ----D---- C:\Program Files\Sophie

======List of files/folders modified in the last 1 months======

2008-12-19 07:45:02 ----D---- C:\WINDOWS\Temp
2008-12-19 07:38:12 ----D---- C:\WINDOWS
2008-12-19 07:37:06 ----D---- C:\WINDOWS\system32
2008-12-19 07:36:50 ----D---- C:\WINDOWS\system32\drivers
2008-12-19 07:36:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-19 07:34:47 ----HD---- C:\WINDOWS\inf
2008-12-19 07:34:41 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 07:34:40 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-19 07:34:30 ----D---- C:\Program Files\Internet Explorer
2008-12-19 07:34:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 07:32:59 ----D---- C:\WINDOWS\ie7updates
2008-12-19 07:27:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 21:19:55 ----D---- C:\Program Files
2008-12-17 22:27:20 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-12-14 23:40:22 ----A---- C:\WINDOWS\setuplog.txt
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 21:20:20 ----A---- C:\WINDOWS\system.ini
2008-12-09 21:16:42 ----D---- C:\WINDOWS\system32\config
2008-12-09 21:15:50 ----D---- C:\WINDOWS\AppPatch
2008-12-09 21:15:50 ----D---- C:\Program Files\Common Files
2008-12-09 18:38:37 ----SHD---- C:\WINDOWS\Installer
2008-12-09 18:37:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-09 18:36:17 ----D---- C:\Program Files\Common Files\AOL
2008-12-09 18:36:17 ----D---- C:\Program Files\AOL
2008-12-09 18:27:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 15:07:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 14:26:56 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 14:21:33 ----D---- C:\Program Files\Messenger
2008-12-09 14:21:32 ----SD---- C:\WINDOWS\Fonts
2008-12-09 14:21:32 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 14:21:32 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 04:26:15 ----D---- C:\WINDOWS\security
2008-12-09 04:23:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 04:16:14 ----D---- C:\WINDOWS\WinSxS
2008-12-09 04:16:06 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 04:16:06 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 04:16:06 ----D---- C:\WINDOWS\Help
2008-12-09 04:16:05 ----D---- C:\WINDOWS\ime
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\en-US
2008-12-09 04:16:00 ----D---- C:\WINDOWS\PeerNet
2008-12-09 04:16:00 ----D---- C:\Program Files\Movie Maker
2008-12-09 04:13:44 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 04:13:43 ----D---- C:\WINDOWS\system32\npp
2008-12-09 04:13:43 ----D---- C:\WINDOWS\mui
2008-12-09 04:13:42 ----D---- C:\WINDOWS\msagent
2008-12-09 04:13:41 ----D---- C:\WINDOWS\srchasst
2008-12-09 04:13:39 ----D---- C:\Program Files\NetMeeting
2008-12-09 04:13:38 ----D---- C:\WINDOWS\system32\Com
2008-12-09 04:13:35 ----D---- C:\Program Files\Windows NT
2008-12-09 04:13:35 ----D---- C:\Program Files\Windows Media Player
2008-12-09 04:13:35 ----D---- C:\Program Files\Outlook Express
2008-12-09 04:13:33 ----D---- C:\Program Files\Common Files\System
2008-12-09 04:13:21 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 04:13:19 ----D---- C:\WINDOWS\system
2008-12-09 04:10:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 04:09:40 ----D---- C:\WINDOWS\ehome
2008-12-09 01:26:23 ----D---- C:\Program Files\EverQuest
2008-12-09 00:20:50 ----D---- C:\WINDOWS\Debug
2008-12-08 19:14:44 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-08 10:50:15 ----D---- C:\Program Files\Symantec
2008-12-08 10:50:13 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-08 10:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-08 10:45:48 ----SD---- C:\WINDOWS\Tasks
2008-12-07 02:16:58 ----D---- C:\Program Files\iPod
2008-12-07 02:16:57 ----D---- C:\Program Files\Common Files\Apple
2008-12-06 01:38:40 ----D---- C:\Program Files\FlashGet
2008-12-04 04:44:20 ----D---- C:\Program Files\Mozilla Firefox
2008-11-29 20:38:37 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-12-30 43672]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-09 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-09 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-09 90632]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 P1100C_CT_CDI;Creative PD1100C HAL Service; C:\WINDOWS\system32\DRIVERS\P1100cCd.sys [2003-01-21 3392]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-10-07 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-10-07 438784]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-10-07 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-10-07 142336]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-05-16 229376]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-10-07 77824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2005-10-07 751616]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2005-10-07 178688]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-10-07 114688]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20071204.002\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112]
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-11-22 50276]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-17 85969]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2005-10-07 153088]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 21888]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080328.003\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080328.003\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 P1100CVD;Vibra WebCam; C:\WINDOWS\system32\DRIVERS\P1100cVd.sys [2003-01-22 295260]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2007-01-01 162816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-06 611664]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-09 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-09 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-29 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-08-17 61440]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 MA_CMIDI_InstallerService;M-Audio CMIDI Installer; C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe [2005-09-28 94208]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-25 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-12 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-04-13 1245064]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
-----

The computer didn't send any e-mail during the night, so I think (I hope, anyway) the problem was fixed somewhere along the way.

If you have any other suggestions based on the things MBAM found let me know--I'd run a few more scans just to be safe if you think there might be additional viruses/malware/etc.

#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:17 AM

Posted 19 December 2008 - 08:28 AM

Hi the things that Mbam found are no longer on your system.
Those are things that were deleted by Combofix as you did have a rootkit present that Combofix took care of.
Just to double check please do the below:

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#10 Kylok

Kylok
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 19 December 2008 - 08:21 PM

ATF Cleaner ran with no problem, and here's my Kaspersky report:

-----
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, December 19, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 19, 2008 07:38:45
Records in database: 1480857


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics
Files scanned 261805
Threat name 2
Infected objects 5
Suspicious objects 0
Duration of the scan 02:53:21

File name Threat name Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_Psr88_.sys.zip Infected: Rootkit.Win32.Protector.bd 1

D:\I386\APPS\APP18829\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

D:\I386\APPS\APP18829\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

The selected area was scanned.
-----


Awaiting further instructions!

#11 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:17 AM

Posted 20 December 2008 - 07:36 AM

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    D:\I386\APPS\APP18829\src\CompaqPresario_Spring06.exe 
    D:\I386\APPS\APP18829\src\HPPavillion_Spring06.exe
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
AFter that post one more HIjackthis log and we will wrap it up.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#12 Kylok

Kylok
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 20 December 2008 - 11:26 AM

OTMoveIt log:

-----

========== FILES ==========
D:\I386\APPS\APP18829\src\CompaqPresario_Spring06.exe moved successfully.
D:\I386\APPS\APP18829\src\HPPavillion_Spring06.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12202008_111820

-----


RSIT log:


-----

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-12-20 11:24:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (5%) free of 230 GB
Total RAM: 3582 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:24 AM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dictionary.com Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Email Monitor] rundll32 EmailMonitor.dll, DoAutoRun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168290454375
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16085 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HPCeeSchedule.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job
C:\WINDOWS\tasks\Norton Security Scan for HP_Administrator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11359F4A-B191-42d7-905A-594F8CF0387B}]
Dictionary.com - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll [2003-02-06 270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-11-11 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-09 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll [2008-06-30 349552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-04-13 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-29 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-09 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [2008-04-04 734704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-29 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{11359F4A-B191-42D7-905A-594F8CF0387B} - Dictionary.com - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll [2003-02-06 270336]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-06-30 349552]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Dictionary.com Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar1.dll [2008-11-11 333192]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-09 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"=C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe [2005-08-29 49152]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2002-11-22 348160]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2004-12-14 176128]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-09 1261336]
"Email Monitor"=rundll32 EmailMonitor.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\CTHELPER.EXE [2005-10-07 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe [2008-02-07 718704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-13 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2006-12-20 36903]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hjr11.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hjr11.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25e961ee-c859-11dc-a97a-0018f3df190a}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77e53ce6-a1f5-11dc-a942-0018f3df190a}]
shell\Setup\command - setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6138f9c-7473-11dd-a9f5-0018f3df190a}]
shell\Setup\command - K:\setup.exe


======File associations======

.js - edit -
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-12-20 11:18:20 ----D---- C:\_OTMoveIt
2008-12-19 07:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-19 07:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-19 07:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-19 07:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-19 07:32:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-19 07:32:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-18 21:20:00 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-12-18 21:19:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-18 21:19:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-17 22:30:30 ----A---- C:\WINDOWS\gmer.ini
2008-12-17 22:30:29 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-17 22:30:29 ----A---- C:\WINDOWS\gmer.dll
2008-12-17 22:30:28 ----A---- C:\WINDOWS\gmer.exe
2008-12-10 00:03:39 ----D---- C:\rsit
2008-12-09 22:05:16 ----SHD---- C:\RECYCLER
2008-12-09 21:37:30 ----A---- C:\ComboFix.txt
2008-12-09 21:13:46 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-09 21:13:45 ----A---- C:\WINDOWS\zip.exe
2008-12-09 21:13:45 ----A---- C:\WINDOWS\SWREG.exe
2008-12-09 21:13:45 ----A---- C:\WINDOWS\grep.exe
2008-12-09 21:13:44 ----A---- C:\WINDOWS\VFIND.exe
2008-12-09 21:13:44 ----A---- C:\WINDOWS\sed.exe
2008-12-09 21:13:44 ----A---- C:\WINDOWS\fdsv.exe
2008-12-09 21:13:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-09 21:13:43 ----A---- C:\WINDOWS\SWSC.exe
2008-12-09 21:13:40 ----D---- C:\WINDOWS\ERDNT
2008-12-09 21:13:40 ----D---- C:\Qoobox
2008-12-09 19:01:12 ----D---- C:\Program Files\Trend Micro
2008-12-09 18:57:25 ----D---- C:\Program Files\SpywareBlaster
2008-12-09 18:20:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\TrojanHunter
2008-12-09 18:18:08 ----A---- C:\WINDOWS\system32\unhttp.exe
2008-12-09 18:15:24 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-12-09 18:15:24 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-09 17:17:25 ----A---- C:\WINDOWS\system32\unmail.exe
2008-12-09 17:17:19 ----D---- C:\Program Files\Email Monitor
2008-12-09 17:12:48 ----HD---- C:\$AVG8.VAULT$
2008-12-09 15:50:55 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-09 15:50:51 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-09 15:50:45 ----D---- C:\Program Files\AVG
2008-12-09 15:50:45 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-09 15:07:04 ----D---- C:\WINDOWS\BDOSCAN8
2008-12-09 14:23:24 ----D---- C:\WINDOWS\Prefetch
2008-12-09 04:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-09 04:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-09 04:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-09 04:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-09 04:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-09 04:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-09 04:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-09 04:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-09 04:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-09 04:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-09 04:21:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-09 04:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-09 04:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-09 04:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-09 04:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-09 04:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-09 04:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-09 04:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\scripting
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\en
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\bits
2008-12-09 04:16:01 ----D---- C:\WINDOWS\l2schemas
2008-12-09 04:13:51 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-09 04:09:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-09 00:33:44 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-09 00:33:43 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 00:33:42 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-09 00:33:42 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-09 00:33:38 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 00:33:38 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 00:33:36 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 00:33:35 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 00:33:34 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 00:33:34 ----N---- C:\WINDOWS\slrundll.exe
2008-12-09 00:33:33 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 00:33:31 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 00:33:30 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-09 00:33:29 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-09 00:33:26 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-12-09 00:33:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 00:33:25 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 00:33:19 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 00:33:18 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-12-09 00:33:14 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 00:33:14 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 00:33:13 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 00:33:09 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-09 00:33:08 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-09 00:33:07 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-12-09 00:33:05 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 00:33:04 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 00:33:04 ----A---- C:\WINDOWS\003116_.tmp
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 00:33:03 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 00:33:02 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 00:33:01 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 00:33:00 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 00:32:59 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 00:32:57 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 00:32:57 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 00:32:56 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 00:32:55 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-08 11:02:17 ----D---- C:\Program Files\Alwil Software
2008-12-08 10:45:46 ----D---- C:\Program Files\Norton Security Scan
2008-12-08 08:29:42 ----D---- C:\Program Files\Sophie Reader
2008-12-07 02:16:56 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 02:16:55 ----D---- C:\Program Files\iTunes
2008-12-07 02:15:36 ----D---- C:\Program Files\QuickTime
2008-11-30 04:08:34 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-11-30 04:07:57 ----D---- C:\Program Files\NCH Swift Sound
2008-11-30 01:19:11 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Sophie
2008-11-29 22:48:07 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\NCH Software
2008-11-29 22:47:47 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-11-29 22:47:36 ----D---- C:\Program Files\NCH Software
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\java.exe
2008-11-29 20:38:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-29 20:27:25 ----D---- C:\Program Files\Sophie

======List of files/folders modified in the last 1 months======

2008-12-20 11:24:23 ----D---- C:\WINDOWS\Temp
2008-12-19 21:02:57 ----D---- C:\Program Files\EverQuest
2008-12-19 10:09:31 ----D---- C:\WINDOWS
2008-12-19 10:08:49 ----D---- C:\WINDOWS\Minidump
2008-12-19 10:07:32 ----SHD---- C:\WINDOWS\Installer
2008-12-19 07:37:06 ----D---- C:\WINDOWS\system32
2008-12-19 07:36:50 ----D---- C:\WINDOWS\system32\drivers
2008-12-19 07:36:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-19 07:34:47 ----HD---- C:\WINDOWS\inf
2008-12-19 07:34:41 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 07:34:40 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-19 07:34:30 ----D---- C:\Program Files\Internet Explorer
2008-12-19 07:34:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 07:32:59 ----D---- C:\WINDOWS\ie7updates
2008-12-19 07:27:09 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 21:19:55 ----D---- C:\Program Files
2008-12-17 22:27:20 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-12-14 23:40:22 ----A---- C:\WINDOWS\setuplog.txt
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 21:20:20 ----A---- C:\WINDOWS\system.ini
2008-12-09 21:16:42 ----D---- C:\WINDOWS\system32\config
2008-12-09 21:15:50 ----D---- C:\WINDOWS\AppPatch
2008-12-09 21:15:50 ----D---- C:\Program Files\Common Files
2008-12-09 18:37:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-09 18:36:17 ----D---- C:\Program Files\Common Files\AOL
2008-12-09 18:36:17 ----D---- C:\Program Files\AOL
2008-12-09 18:27:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 15:07:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 14:26:56 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-09 14:21:33 ----D---- C:\Program Files\Messenger
2008-12-09 14:21:32 ----SD---- C:\WINDOWS\Fonts
2008-12-09 14:21:32 ----D---- C:\WINDOWS\system32\wbem
2008-12-09 14:21:32 ----D---- C:\WINDOWS\system32\Setup
2008-12-09 04:26:15 ----D---- C:\WINDOWS\security
2008-12-09 04:23:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 04:16:14 ----D---- C:\WINDOWS\WinSxS
2008-12-09 04:16:06 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-09 04:16:06 ----D---- C:\WINDOWS\network diagnostic
2008-12-09 04:16:06 ----D---- C:\WINDOWS\Help
2008-12-09 04:16:05 ----D---- C:\WINDOWS\ime
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\usmt
2008-12-09 04:16:01 ----D---- C:\WINDOWS\system32\en-US
2008-12-09 04:16:00 ----D---- C:\WINDOWS\PeerNet
2008-12-09 04:16:00 ----D---- C:\Program Files\Movie Maker
2008-12-09 04:13:44 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 04:13:43 ----D---- C:\WINDOWS\system32\npp
2008-12-09 04:13:43 ----D---- C:\WINDOWS\mui
2008-12-09 04:13:42 ----D---- C:\WINDOWS\msagent
2008-12-09 04:13:41 ----D---- C:\WINDOWS\srchasst
2008-12-09 04:13:39 ----D---- C:\Program Files\NetMeeting
2008-12-09 04:13:38 ----D---- C:\WINDOWS\system32\Com
2008-12-09 04:13:35 ----D---- C:\Program Files\Windows NT
2008-12-09 04:13:35 ----D---- C:\Program Files\Windows Media Player
2008-12-09 04:13:35 ----D---- C:\Program Files\Outlook Express
2008-12-09 04:13:33 ----D---- C:\Program Files\Common Files\System
2008-12-09 04:13:21 ----D---- C:\WINDOWS\system32\oobe
2008-12-09 04:13:19 ----D---- C:\WINDOWS\system
2008-12-09 04:10:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-09 04:09:40 ----D---- C:\WINDOWS\ehome
2008-12-09 00:20:50 ----D---- C:\WINDOWS\Debug
2008-12-08 19:14:44 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-08 10:50:15 ----D---- C:\Program Files\Symantec
2008-12-08 10:50:13 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-08 10:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-08 10:45:48 ----SD---- C:\WINDOWS\Tasks
2008-12-07 02:16:58 ----D---- C:\Program Files\iPod
2008-12-07 02:16:57 ----D---- C:\Program Files\Common Files\Apple
2008-12-06 01:38:40 ----D---- C:\Program Files\FlashGet
2008-12-04 04:44:20 ----D---- C:\Program Files\Mozilla Firefox
2008-11-29 20:38:37 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-12-30 43672]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-09 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-09 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-09 90632]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\drivers\CO_Mon.sys []
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 P1100C_CT_CDI;Creative PD1100C HAL Service; C:\WINDOWS\system32\DRIVERS\P1100cCd.sys [2003-01-21 3392]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2005-10-07 501760]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2005-10-07 438784]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2005-10-07 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2005-10-07 142336]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-05-16 229376]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2005-10-07 77824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2005-10-07 751616]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2005-10-07 178688]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2005-10-07 114688]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20071204.002\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-07-13 340704]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112]
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2002-11-22 50276]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-17 85969]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2005-10-07 153088]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 21888]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080328.003\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080328.003\NAVEX15.SYS []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 P1100CVD;Vibra WebCam; C:\WINDOWS\system32\DRIVERS\P1100cVd.sys [2003-01-22 295260]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2007-01-01 162816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-01-31 279088]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-06 611664]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-09 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-09 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-29 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-08-17 61440]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 MA_CMIDI_InstallerService;M-Audio CMIDI Installer; C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe [2005-09-28 94208]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-25 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-04-13 1245064]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-12 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#13 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:17 AM

Posted 20 December 2008 - 04:20 PM

Hi please uninstall AskBar and Viewpoint.
Then reboot and delete these folders:
C:\Program Files\AskBarDis
C:\Program Files\Viewpoint
===================================
Cleanup:

Please download OT CLeanit from Here save it to your desktop.
Double click on OT Clean it to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Use a Firewall:

Install and use a firewall with outbound protection
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete\uninstall anything else that we have used.

Including this folder C:\Rsit

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#14 Kylok

Kylok
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:17 AM

Posted 20 December 2008 - 05:56 PM

Done, done, and done; I uninstalled those two programs, used OTCleanIt, deleted the rest of the stuff we used, downloaded Sunbelt Free Firewall, and reset my system restore point.

Thanks a lot for all the help! I think I learned a thing or two during this process, and I'm glad my computer is malware-free.

#15 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:11:17 AM

Posted 20 December 2008 - 07:28 PM

You are welcome :thumbsup:


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users