
need help removing iprip.dll


1 reply to this topic

#1 dazldave


Posted 22 December 2008 - 04:52 PM

This virus will load multiple pages once on the web. If I am typing it will repeat this =56'
The longer I stay on, the more intense it will get. I actually had this problem on my other computer first and ran a virus scan that found it, but I wasn't able to remove it. I believe this computer was infected from my other. The program infected was d:\windows\system32\iprip.dll and others, which I was able to delete except this one. On this computer I have done nothing but run RSIT. I would appreciate any help you can give me.

info.txt logfile of random's system information tool 1.05 2008-12-22 05:01:28

======Uninstall list======

-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"C:\Program Files\Charter Security Suite\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft ShowBiz 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Charter Security Suite-->"C:\Program Files\Charter Security Suite\FSGUI\PostInstall.exe" /tUnInstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras-->MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{C05E10AC-BD86-4564-9D16-EF11D7314FB2}
HPImageZone-->MsiExec.exe /X{11946FA8-329A-4DDF-B867-A32781FED8EE}
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2003 System Pack-->MsiExec.exe /I{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}
Microsoft Money 2003-->MsiExec.exe /I{01F9D88C-3C86-4E82-840A-101A3221F67A}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77335B5D-8600-4153-B76D-0952977ACCD7}
NVIDIA Gart Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
toolkit-->c:\Windows\HPTK\unhptkit.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
Veo Digital Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45AEEA61-04F8-11D6-8B35-0080C8F5C4AA}\SETUP.EXE" -l0x9
Veo Stingray-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88E6DF-A288-4E09-A59B-68E94373BAC7}\SETUP.EXE" -l0x9
Weblink-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FCC384C-18EA-4E25-9281-A06AE006D219}\setup.exe" -l0x9
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~2\UNINST~1.EXE
Yahoo! Search Suggest Add-on for IE7-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: Charter Security Suite 8.00
FW: Charter Security Suite 8.00

System event log

Computer Name: RICHARD
Event Code: 17
Message: Installation Ready: The following updates are downloaded and ready for installation. To install the updates, an administrator should log on to this computer and Windows will prompt with further instructions:
- Security Update for Windows Messenger (KB887472)
- Security Update for Windows XP (KB920683)
- Update for Windows XP (KB835409)
- Security Update for Windows XP (KB913580)
- Security Update for Flash Player (KB913433)
- Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB911567)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB918899)
- Realtek AC'97 Audio
- Security Update for DirectX 9 for Windows XP (KB904706)
- 816093: Security Update Microsoft Virtual Machine (Microsoft VM)
- Security Update for Windows Media Player Plug-in (KB911564)
- Security Update for Microsoft Windows (KB898458)
- Update for Windows XP (KB910437)
- Security Update for Internet Explorer 6 Service Pack 1 (KB918439)
- HP Memories Disc Creator - Software Update

Record Number: 811
Source Name: Windows Update Agent
Time Written: 20080831123426.000000-420
Event Type: information
User:

Computer Name: RICHARD
Event Code: 17
Message: Installation Ready: The following updates are downloaded and ready for installation. To install the updates, an administrator should log on to this computer and Windows will prompt with further instructions:
- Security Update for Windows Messenger (KB887472)
- Security Update for Windows XP (KB920683)
- Update for Windows XP (KB835409)
- Security Update for Windows XP (KB913580)
- Security Update for Flash Player (KB913433)
- Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB911567)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB918899)
- Realtek AC'97 Audio
- Security Update for DirectX 9 for Windows XP (KB904706)
- 816093: Security Update Microsoft Virtual Machine (Microsoft VM)
- Security Update for Windows Media Player Plug-in (KB911564)
- Update for Windows XP (KB910437)
- Security Update for Internet Explorer 6 Service Pack 1 (KB918439)
- HP Memories Disc Creator - Software Update

Record Number: 810
Source Name: Windows Update Agent
Time Written: 20080831123426.000000-420
Event Type: information
User:

Computer Name: RICHARD
Event Code: 17
Message: Installation Ready: The following updates are downloaded and ready for installation. To install the updates, an administrator should log on to this computer and Windows will prompt with further instructions:
- Security Update for Windows Messenger (KB887472)
- Security Update for Windows XP (KB920683)
- Update for Windows XP (KB835409)
- Security Update for Windows XP (KB913580)
- Security Update for Flash Player (KB913433)
- Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB911567)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB918899)
- Realtek AC'97 Audio
- Security Update for DirectX 9 for Windows XP (KB904706)
- 816093: Security Update Microsoft Virtual Machine (Microsoft VM)
- Update for Windows XP (KB910437)
- Security Update for Internet Explorer 6 Service Pack 1 (KB918439)
- HP Memories Disc Creator - Software Update

Record Number: 809
Source Name: Windows Update Agent
Time Written: 20080831123414.000000-420
Event Type: information
User:

Computer Name: RICHARD
Event Code: 17
Message: Installation Ready: The following updates are downloaded and ready for installation. To install the updates, an administrator should log on to this computer and Windows will prompt with further instructions:
- Security Update for Windows Messenger (KB887472)
- Security Update for Windows XP (KB920683)
- Update for Windows XP (KB835409)
- Security Update for Windows XP (KB913580)
- Security Update for Flash Player (KB913433)
- Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB911567)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB918899)
- Realtek AC'97 Audio
- 816093: Security Update Microsoft Virtual Machine (Microsoft VM)
- Update for Windows XP (KB910437)
- Security Update for Internet Explorer 6 Service Pack 1 (KB918439)
- HP Memories Disc Creator - Software Update

Record Number: 808
Source Name: Windows Update Agent
Time Written: 20080831123358.000000-420
Event Type: information
User:

Computer Name: RICHARD
Event Code: 17
Message: Installation Ready: The following updates are downloaded and ready for installation. To install the updates, an administrator should log on to this computer and Windows will prompt with further instructions:
- Security Update for Windows Messenger (KB887472)
- Security Update for Windows XP (KB920683)
- Update for Windows XP (KB835409)
- Security Update for Flash Player (KB913433)
- Cumulative Security Update for Outlook Express 6 Service Pack 1 (KB911567)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB918899)
- Realtek AC'97 Audio
- 816093: Security Update Microsoft Virtual Machine (Microsoft VM)
- Update for Windows XP (KB910437)
- Security Update for Internet Explorer 6 Service Pack 1 (KB918439)
- HP Memories Disc Creator - Software Update

Record Number: 807
Source Name: Windows Update Agent
Time Written: 20080831123358.000000-420
Event Type: information
User:

Application event log

Computer Name: RICHARD
Event Code: 1001
Message: Detection of product '{11946FA8-329A-4DDF-B867-A32781FED8EE}', feature 'HPImageZone' failed during request for component '{68F2DC95-6A14-421A-A446-71985D99CE9B}'

Record Number: 5
Source Name: MsiInstaller
Time Written: 20080831102007.000000-420
Event Type: warning
User:

Computer Name: RICHARD
Event Code: 1004
Message: Detection of product '{11946FA8-329A-4DDF-B867-A32781FED8EE}', feature 'HPImageZone', component '{7C0FF5FB-EBA8-4480-BED9-833E2AF52869}' failed. The resource 'c:\Documents and Settings\Owner\My Documents\My Pictures\' does not exist.

Record Number: 4
Source Name: MsiInstaller
Time Written: 20080831102007.000000-420
Event Type: warning
User:

Computer Name: RICHARD
Event Code: 11728
Message: Product: WebFldrs XP -- Configuration completed successfully.

Record Number: 3
Source Name: MsiInstaller
Time Written: 20080831101850.000000-420
Event Type: information
User:

Computer Name: RICHARD
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20080831101612.000000-420
Event Type: information
User:

Computer Name: RICHARD
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
The Record Data contains the new values of the system Last Counter and
Last Help registry entries.

Record Number: 1
Source Name: LoadPerf
Time Written: 20080831101612.000000-420
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"Veo_532_PRODUCT_VER"=1.1.0.0
"Veo_532_INSTALL_DIR"=C:\Program Files\Veo Stingray\Driver
"Veo_532_INF_PATH"=C:\WINDOWS\INF\oem89.inf
"Veo_532_PNF_PATH"=C:\WINDOWS\INF\oem89.pnf
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2008-12-22 13:44:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 123 GB (84%) free of 147 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:21 PM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Charter Security Suite\Common\FSMB32.EXE
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Charter Security Suite\Common\FCH32.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Charter Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter Security Suite\FSPC\fspc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Charter Security Suite\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Charter Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter Security Suite\FSAUA\program\fsus.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter Security Suite\FSGUI\scanwizard.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner.RICHARD\Local Settings\Temporary Internet Files\Content.IE5\O1QS1Z6T\RSIT[1].exe
C:\Program Files\trend micro\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220207752740
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://charter.net/files/charter/securitysuite/fscax.cab
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12127 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5A263CF7-56A6-4D68-A8CF-345BE45BC911}]
Yahoo! IE Suggest - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll [2008-01-14 233472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-09-22 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP View - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll [2003-06-16 98304]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-09-22 2403392]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]
"CamMonitor"=c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe [2002-10-07 90112]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-13 49152]
"HPHUPD05"=c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-05-23 49152]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-05-23 483328]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"StorageGuard"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-02-13 155648]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2003-08-23 151597]
"AutoTKit"=C:\hp\bin\AUTOTKIT.EXE [2003-06-18 53248]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-05-02 4640768]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-07-04 135168]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2003-06-17 118784]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"F-Secure Manager"=C:\Program Files\Charter Security Suite\Common\FSM32.EXE [2008-06-25 182936]
"F-Secure TNB"=C:\Program Files\Charter Security Suite\FSGUI\TNBUtil.exe [2008-06-25 957024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"=C:\WINDOWS\system32\nview.dll [2003-05-02 835654]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-22 342848]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~1.EXE [2007-06-03 125176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqtra08.exe [2003-06-13 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpqthb08.exe [2003-06-20 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2004-08-11 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe"="C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-22 11:30:58 ----D---- C:\Documents and Settings\Owner.RICHARD\Application Data\F-Secure
2008-12-22 05:52:25 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-22 05:52:25 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-22 05:52:25 ----A---- C:\WINDOWS\system32\java.exe
2008-12-22 05:52:25 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-22 05:01:13 ----D---- C:\Program Files\trend micro
2008-12-22 05:01:12 ----D---- C:\rsit
2008-12-22 04:58:45 ----D---- C:\Documents and Settings\Owner.RICHARD\Application Data\BitTorrent
2008-12-22 04:56:59 ----D---- C:\Program Files\DNA
2008-12-22 04:56:59 ----D---- C:\Program Files\BitTorrent
2008-12-22 04:56:59 ----D---- C:\Documents and Settings\Owner.RICHARD\Application Data\DNA
2008-12-22 04:56:52 ----D---- C:\Documents and Settings\Owner.RICHARD\Application Data\Mozilla
2008-12-22 04:56:51 ----D---- C:\Program Files\AskBarDis
2008-12-22 04:49:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-22 04:49:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-22 04:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-22 04:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-22 04:48:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-22 04:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-22 04:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-22 04:44:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-22 04:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-22 04:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-22 04:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-22 04:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-22 04:43:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-22 04:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-22 02:13:07 ----A---- C:\WINDOWS\system32\mpg4c32.dll
2008-12-22 01:43:29 ----D---- C:\Program Files\Charter Security Suite
2008-12-22 01:41:38 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2008-12-22 01:40:26 ----D---- C:\Documents and Settings\All Users\Application Data\f-secure
2008-12-22 01:32:22 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-22 01:14:55 ----D---- C:\icons, backgrounds, ect
2008-12-22 01:01:47 ----D---- C:\Program Files\Veo Digital Studio
2008-12-22 01:00:58 ----A---- C:\WINDOWS\system32\VeoSetup532.dll
2008-12-22 01:00:57 ----D---- C:\Program Files\Veo Stingray
2008-12-22 00:27:01 ----D---- C:\fsaua.data
2008-12-22 00:23:46 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-22 00:23:14 ----D---- C:\WINDOWS\Prefetch
2008-12-22 00:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-22 00:14:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-22 00:14:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-22 00:14:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-22 00:14:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-22 00:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-22 00:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-22 00:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-22 00:13:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-22 00:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-22 00:10:31 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-12-22 00:10:31 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-12-22 00:10:19 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-22 00:10:18 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-22 00:10:18 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-22 00:10:18 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-22 00:10:18 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-22 00:10:18 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-22 00:10:18 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-22 00:10:18 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-22 00:10:18 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-22 00:10:17 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-22 00:10:16 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-22 00:10:16 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-22 00:10:16 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-22 00:10:16 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-22 00:10:15 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-22 00:10:15 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-22 00:10:15 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-22 00:10:15 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-22 00:10:15 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-22 00:10:15 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-22 00:10:14 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-22 00:10:13 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-22 00:10:13 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-22 00:10:13 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-22 00:10:13 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-22 00:10:13 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-22 00:10:13 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-22 00:10:11 ----D---- C:\WINDOWS\system32\scripting
2008-12-22 00:10:10 ----D---- C:\WINDOWS\system32\en
2008-12-22 00:10:10 ----D---- C:\WINDOWS\l2schemas
2008-12-22 00:04:54 ----A---- C:\WINDOWS\003087_.tmp
2008-12-21 23:58:58 ----D---- C:\Documents and Settings\Owner.RICHARD\Application Data\Help
2008-12-21 23:52:43 ----D---- C:\Documents and Settings\Owner.RICHARD\Application Data\Motive
2008-12-21 23:21:02 ----RA---- C:\WINDOWS\system32\sai8000.dll
2008-12-21 23:11:31 ----A---- C:\WINDOWS\system32\hidserv.dll

======List of files/folders modified in the last 1 months======

2008-12-22 13:43:44 ----D---- C:\WINDOWS
2008-12-22 11:30:34 ----D---- C:\WINDOWS\Temp
2008-12-22 05:52:48 ----SHD---- C:\WINDOWS\Installer
2008-12-22 05:52:29 ----HD---- C:\Config.Msi
2008-12-22 05:52:25 ----D---- C:\WINDOWS\system32
2008-12-22 05:52:09 ----D---- C:\Program Files\Java
2008-12-22 05:29:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-22 05:29:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-22 05:28:59 ----D---- C:\Program Files\Internet Explorer
2008-12-22 05:27:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-22 05:01:13 ----D---- C:\Program Files
2008-12-22 04:49:45 ----HD---- C:\WINDOWS\inf
2008-12-22 04:49:44 ----D---- C:\WINDOWS\system32\drivers
2008-12-22 04:49:40 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-22 04:49:37 ----A---- C:\WINDOWS\imsins.BAK
2008-12-22 04:48:17 ----D---- C:\WINDOWS\ie7updates
2008-12-22 04:43:10 ----D---- C:\WINDOWS\WinSxS
2008-12-22 04:11:29 ----D---- C:\WINDOWS\Help
2008-12-22 03:06:09 ----A---- C:\WINDOWS\system.ini
2008-12-22 02:49:22 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-12-22 01:44:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-22 01:35:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-22 01:33:51 ----D---- C:\Program Files\QuickTime
2008-12-22 01:33:03 ----SD---- C:\WINDOWS\Tasks
2008-12-22 01:32:59 ----D---- C:\Program Files\Apple Software Update
2008-12-22 01:21:30 ----AC---- C:\WINDOWS\WORDPAD.INI
2008-12-22 01:01:45 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-22 01:01:06 ----D---- C:\WINDOWS\twain_32
2008-12-22 00:24:26 ----RASH---- C:\boot.ini
2008-12-22 00:24:26 ----A---- C:\WINDOWS\win.ini
2008-12-22 00:23:50 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-22 00:23:19 ----A---- C:\WINDOWS\setuplog.txt
2008-12-22 00:22:53 ----D---- C:\WINDOWS\system32\Setup
2008-12-22 00:22:53 ----D---- C:\WINDOWS\AppPatch
2008-12-22 00:22:52 ----D---- C:\WINDOWS\system32\wbem
2008-12-22 00:22:51 ----RSD---- C:\WINDOWS\Fonts
2008-12-22 00:22:07 ----D---- C:\WINDOWS\security
2008-12-22 00:14:46 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-22 00:13:45 ----D---- C:\Program Files\Messenger
2008-12-22 00:10:31 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-22 00:10:31 ----D---- C:\Program Files\Windows Media Player
2008-12-22 00:10:20 ----D---- C:\WINDOWS\network diagnostic
2008-12-22 00:10:20 ----D---- C:\WINDOWS\ime
2008-12-22 00:10:11 ----D---- C:\WINDOWS\system32\usmt
2008-12-22 00:10:11 ----D---- C:\WINDOWS\system32\en-US
2008-12-22 00:10:09 ----D---- C:\WINDOWS\system32\bits
2008-12-22 00:10:09 ----D---- C:\WINDOWS\peernet
2008-12-22 00:10:09 ----D---- C:\Program Files\Movie Maker
2008-12-22 00:08:04 ----D---- C:\WINDOWS\system32\Restore
2008-12-22 00:08:04 ----D---- C:\WINDOWS\system32\npp
2008-12-22 00:08:03 ----D---- C:\WINDOWS\msagent
2008-12-22 00:08:02 ----D---- C:\WINDOWS\srchasst
2008-12-22 00:07:59 ----D---- C:\Program Files\NetMeeting
2008-12-22 00:07:58 ----D---- C:\WINDOWS\system32\Com
2008-12-22 00:07:56 ----D---- C:\Program Files\Windows NT
2008-12-22 00:07:56 ----D---- C:\Program Files\Outlook Express
2008-12-22 00:07:52 ----D---- C:\Program Files\Common Files\System
2008-12-22 00:07:38 ----D---- C:\WINDOWS\system32\oobe
2008-12-22 00:07:37 ----D---- C:\WINDOWS\system
2008-12-22 00:04:51 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-22 00:04:37 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-22 00:02:46 ----D---- C:\WINDOWS\EHome
2008-12-21 23:41:51 ----D---- C:\Documents and Settings\Owner.RICHARD\Application Data\Yahoo!
2008-12-21 23:22:18 ----SD---- C:\Documents and Settings\Owner.RICHARD\Application Data\Microsoft
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-16 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-16 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-16 21744]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-05-02 1312555]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 SaiH8000;SaiH8000; C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-09-22 56576]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 ENUM1394;%1394\031887&040892.DeviceDesc%; C:\WINDOWS\System32\DRIVERS\enum1394.sys [2001-08-17 6400]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCDRSRVC;PCDRSRVC - PCDR Kernel Mode Service Helper Driver; C:\WINDOWS\system32\drivers\PCDRSRVC.sys [2003-05-20 20348]
S3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-03 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Charter Security Suite\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Charter Security Suite\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe [2008-06-25 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\Charter Security Suite\Common\FSMA32.EXE [2008-06-25 117400]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-05-02 69632]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2003-02-21 68704]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Charter Security Suite\FSAUA\program\fsaua.exe [2008-06-25 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe [2008-06-25 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe [2008-06-25 55904]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-22 138168]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]

-----------------EOF-----------------



#2 Rosty


    Skydive junkie


  • Malware Response Team
  • 1,220 posts
  • Local time:01:54 PM

Posted 31 December 2008 - 02:42 AM

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start with a new thread.
Then we'll take a look.


Regards,

Rosty.
Proud member of ASAP since 2007



