Nimda Worm + more?


  • This topic is locked
29 replies to this topic

#1 jay521

Posted 06 January 2009 - 01:17 AM

Hey everybody, I'm obviously new to the forum :thumbsup:
Well to get to the point, I am trying to fix my aunt's computer and here explorer.exe is missing I believe. It doesn't show the start menu, toolbar, window icons, or anything. Until I typed explorer in regedit. Every time I reboot I have to do the same thing over and over. I am just wondering if someone can fix her problems. Thanks

HP Pavilion a1120n with Windows XP.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:29 PM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\csrssc.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\mcupdate_1230609403.exe
C:\Documents and Settings\HP_Administrator\Application Data\gadcom\gadcom.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\WINDOWS\system32\mshta.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\wsnpoema.exe,C:\WINDOWS\system32\wsnpoema.exe,
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\HP_Administrator\nview.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [Hnucej] rundll32.exe "C:\WINDOWS\Dyetisohuni.dll",e
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\HP_Administrator\winlogon.exe
O4 - HKLM\..\Run: [Xwagojun] rundll32.exe "C:\WINDOWS\aceqewipezupe.dll",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\csrssc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: ,avgrsstx.dll iyfjdg.dll
O21 - SSODL: ieModule - {56420F9E-1C8F-4237-975B-E725EBD14ECA} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {2DA0D94F-C904-4A26-8929-BDBF1D5D6BCA} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\jlnsostnoy.dll
O22 - SharedTaskScheduler: (no name) - {AF0BE91A-D92D-44F5-9581-64F629762E5A} - C:\WINDOWS\system32\ccc.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9746 bytes

Thank You For The Help!



#2 fenzodahl512

Posted 14 January 2009 - 03:50 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 jay521


Posted 14 January 2009 - 06:21 PM

Thank you so much for answering my thread fenzodahl512. I really really really appreciate it.

Here is what you asked for...

MBAM LOG

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 2

1/14/2009 9:01:07 AM
mbam-log-2009-01-14 (09-01-07).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 255936
Time elapsed: 3 hour(s), 6 minute(s), 18 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 34
Registry Values Infected: 7
Registry Data Items Infected: 7
Folders Infected: 13
Files Infected: 110

Memory Processes Infected:
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\csrssc.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\yayyaxwu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iyfjdg.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Rogue.SpywareGuard) -> Delete on reboot.
C:\WINDOWS\system32\geBqQjHa.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d813285-cc3a-42d4-9890-c485a071f919} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7d813285-cc3a-42d4-9890-c485a071f919} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e567b7b3-392d-4b0c-9d56-93b9d8f0acc2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e567b7b3-392d-4b0c-9d56-93b9d8f0acc2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e567b7b3-392d-4b0c-9d56-93b9d8f0acc2} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d813285-cc3a-42d4-9890-c485a071f919} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{56420f9e-1c8f-4237-975b-e725ebd14eca} (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebqqjha (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ada8c222-95d2-47b5-950b-aebc0a508839} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2da0d94f-c904-4a26-8929-bdbf1d5d6bca} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapii (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\atapii (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapii (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\iemodule (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows logon applicationedc (Trojan.Dropper) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\internetconnection (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hnucej (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xwagojun (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayyaxwu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayyaxwu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\wsnpoema.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\wsnpoema.exe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\wsnpoema.exe,C:\WINDOWS\system32\wsnpoema.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Ultimate Cleaner (Rogue.Ultimate.Cleaner) -> Quarantined and deleted successfully.
C:\Program Files\Ultimate Defender (Rogue.Ultimate.Defender) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingAdvisor (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoema (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\yayyaxwu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uwxayyay.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uwxayyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iyfjdg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dobuvjiu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uijvubod.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\odhitbtv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtbtihdo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rkkwyvke.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ekvywkkr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\atapii.sys (Rootkit.Agent.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Rogue.SpywareGuard) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\csrssc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\winlogon.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBqQjHa.dll (Trojan.Vundo) -> Delete on reboot.
C:\alfqentw.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\oruocu.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\pnuxb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\thauf.exe (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.
C:\uckwvbf.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\xgef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.Spyguard) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\svhost.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.MSAntiSpyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\jlnsostnoy.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\gadcom\gadcom.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\3469879824.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\175SEV0G\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\175SEV0G\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\67X0OCS8\Codec[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\67X0OCS8\tqanbocttq[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\67X0OCS8\aasuper0[1].htm (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\67X0OCS8\g814[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\FZR91T12\divx[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\FZR91T12\aasuper2[2].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\FZR91T12\aasuper3[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\FZR91T12\main[1].exe (Rogue.MSAntiSpyware2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\FZR91T12\u790[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MLZ02RT6\jtznaoo[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MLZ02RT6\upd105320[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MLZ02RT6\index[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MLZ02RT6\aasuper1[2].htm (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\XDEZO52J\wibcpghqr[1].htm (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\XDEZO52J\SpywareGuard2008[2].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\XDEZO52J\u746[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\XDEZO52J\Codec[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkse73hedfdgf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfebxxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\naijixpq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aomfwmgq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNheff.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnMFwtR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svschost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svñshost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvSkjjh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xdclgp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnpur.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cd3f86a2.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\p2\EV21AIP.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xn\XCIR54I.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\139.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\3A3.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\ItTckmiU.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS68c0.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\WwYhLuiE.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\YwinxOjQ.exe (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\queue.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingAdvisor\BrowsingAdvisor.dat (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingAdvisor\pcre3.dll (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Program Files\BrowsingAdvisor\uninstall.exe (Adware.PlayMP3Z-biz) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoema\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoema\video.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Spyware Guard 2008\Uninstall.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Dyetisohuni.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\aceqewipezupe.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoema.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyxwxY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS6797.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Desktop\Spyware Guard 2008.lnk (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSdxcp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkkao.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot.



RSIT LOG

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-01-14 09:08:43
Microsoft Windows XP Professional Service Pack 2
System drive C: has 95 GB (52%) free of 183 GB
Total RAM: 503 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:09 AM, on 1/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NVIDIA nView] C:\Documents and Settings\HP_Administrator\nview.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll iyfjdg.dll
O20 - Winlogon Notify: bfbfefaeddfe - C:\WINDOWS\system32\bfbfefaeddfe.dll (file missing)
O20 - Winlogon Notify: notifyc - C:\WINDOWS\system32\ccc.dll (file missing)
O20 - Winlogon Notify: ssqQiijG - ssqQiijG.dll (file missing)
O22 - SharedTaskScheduler: (no name) - {AF0BE91A-D92D-44F5-9581-64F629762E5A} - C:\WINDOWS\system32\ccc.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8801 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton PC Checkup WeekDay Scanner.job
C:\WINDOWS\tasks\Norton PC Checkup Weekend Scanner.job
C:\WINDOWS\tasks\sjqhyjrd.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-08-13 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-29 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-06-02 720896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-06-02 720896]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-29 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-12-01 126976]
"NVIDIA nView"=C:\Documents and Settings\HP_Administrator\nview.exe []
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-29 949376]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"Startup Manager Scanner"=C:\Program Files\Startup Mechanic\StartupMonitor.exe [2004-09-05 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll iyfjdg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bfbfefaeddfe]
C:\WINDOWS\system32\bfbfefaeddfe.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-12-01 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\notifyc]
C:\WINDOWS\system32\ccc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqQiijG]
ssqQiijG.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
{AF0BE91A-D92D-44F5-9581-64F629762E5A} - C:\WINDOWS\system32\ccc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system32\nvsvc32.exe"="C:\WINDOWS\system32\nvsvc32.exe:*:Enabled:Windows Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\AutoRun\command - L:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-01-14 09:08:43 ----D---- C:\rsit
2009-01-14 05:48:07 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-01-14 05:47:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-14 05:47:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 21:49:01 ----D---- C:\Program Files\Trend Micro
2009-01-05 21:48:34 ----D---- C:\Program Files\Startup Mechanic
2009-01-05 20:56:54 ----D---- C:\Program Files\Enigma Software Group
2008-12-31 18:22:37 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-31 18:22:31 ----D---- C:\Program Files\Alwil Software
2008-12-31 17:57:28 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-29 22:41:01 ----A---- C:\WINDOWS\system32\imon.dll
2008-12-29 22:38:45 ----HD---- C:\$AVG8.VAULT$
2008-12-29 22:11:37 ----A---- C:\$$$$$$$$11.bat
2008-12-29 22:03:35 ----D---- C:\WINDOWS\system32\xn
2008-12-29 22:03:35 ----D---- C:\WINDOWS\system32\p2
2008-12-29 21:21:06 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-29 21:20:45 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-29 21:20:18 ----D---- C:\Program Files\AVG
2008-12-29 20:06:22 ----A---- C:\WINDOWS\7zS399.tmp
2008-12-28 21:07:36 ----HD---- C:\WINDOWS\PIF
2008-12-28 19:09:39 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\U3
2008-12-27 15:12:08 ----D---- C:\Program Files\ESET
2008-12-26 15:08:42 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
2008-12-24 12:19:56 ----A---- C:\WINDOWS\system32\nifqte.dll
2008-12-24 12:19:53 ----A---- C:\WINDOWS\system32\qycymtrt.dll
2008-12-24 07:40:58 ----A---- C:\p2hhr.bat
2008-12-24 07:37:43 ----A---- C:\7911.bat
2008-12-23 13:02:12 ----A---- C:\4811.bat
2008-12-23 12:12:23 ----A---- C:\WINDOWS\system32\psjiiryr.dll
2008-12-23 12:06:58 ----SH---- C:\WINDOWS\system32\ojxgasvf.ini
2008-12-23 12:05:47 ----A---- C:\WINDOWS\system32\0f2c38ae-.txt
2008-12-23 11:56:50 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\FrostWire
2008-12-23 11:48:06 ----A---- C:\qasfye.exe
2008-12-23 11:47:35 ----D---- C:\WINDOWS\system32\whSLD02
2008-12-22 18:01:09 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Snapfish
2008-12-13 00:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 00:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 00:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 00:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-11-15 00:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-15 00:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-05 19:16:31 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Ludia
2008-11-05 19:16:31 ----D---- C:\Documents and Settings\All Users\Application Data\Ludia
2008-11-05 19:14:52 ----D---- C:\Program Files\Hells Kitchen
2008-11-03 17:31:04 ----A---- C:\WINDOWS\system32\DEBUG_LOG.txt
2008-11-02 22:06:57 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Home Sweet Home 2
2008-11-02 21:57:38 ----D---- C:\Program Files\Parking Dash
2008-11-02 21:56:51 ----D---- C:\Program Files\Home Sweet Home 2 Kitchens And Baths
2008-11-02 11:33:25 ----D---- C:\Program Files\Norton PC Checkup
2008-11-01 19:57:03 ----D---- C:\WINDOWS\system32\Adobe
2008-11-01 18:27:24 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-01 18:18:04 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Pogo Games
2008-11-01 18:11:27 ----D---- C:\Program Files\Operation Mania
2008-10-30 02:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 09:15:53 ----D---- C:\WINDOWS\ie7updates
2008-10-17 09:12:51 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-10-16 16:51:32 ----A---- C:\WINDOWS\system32\unicows.dll
2008-10-16 16:45:10 ----D---- C:\Program Files\Tropix 2 Quest For The Golden Banana
2008-10-16 16:44:26 ----D---- C:\WINDOWS\system32\en-US
2008-10-16 16:40:22 ----HDC---- C:\WINDOWS\ie7
2008-10-16 16:35:33 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-10-16 16:25:15 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-16 02:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 02:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 02:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 02:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 02:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 02:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$

======List of files/folders modified in the last 3 months======

2009-01-14 09:09:09 ----D---- C:\WINDOWS\Temp
2009-01-14 09:08:47 ----D---- C:\WINDOWS\Prefetch
2009-01-14 09:06:28 ----D---- C:\WINDOWS
2009-01-14 09:06:19 ----D---- C:\WINDOWS\Registration
2009-01-14 09:03:50 ----D---- C:\WINDOWS\system32\drivers
2009-01-14 09:03:50 ----D---- C:\WINDOWS\system32
2009-01-14 09:03:45 ----D---- C:\Program Files
2009-01-14 09:02:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-14 09:02:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 21:53:27 ----D---- C:\Program Files\Mozilla Firefox
2009-01-05 21:49:05 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-01 09:21:34 ----D---- C:\WINDOWS\system32\config
2008-12-31 19:30:12 ----D---- C:\Program Files\Janes Hotel
2008-12-31 18:18:14 ----D---- C:\WINDOWS\system
2008-12-30 20:00:05 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-12-29 22:37:52 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-12-29 22:05:06 ----D---- C:\temp
2008-12-29 21:56:07 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-29 21:20:15 ----SHD---- C:\WINDOWS\Installer
2008-12-29 21:19:57 ----HD---- C:\Config.Msi
2008-12-29 21:19:27 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-12-29 21:15:22 ----D---- C:\Program Files\Common Files
2008-12-29 19:59:47 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-29 19:59:44 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-12-29 19:57:18 ----SD---- C:\WINDOWS\Tasks
2008-12-28 19:44:50 ----SHD---- C:\System Volume Information
2008-12-28 19:44:50 ----D---- C:\WINDOWS\system32\Restore
2008-12-27 21:47:01 ----D---- C:\Documents and Settings
2008-12-26 13:55:11 ----D---- C:\WINDOWS\Help
2008-12-23 13:05:34 ----D---- C:\Program Files\FrostWire
2008-12-23 12:37:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-23 11:49:20 ----D---- C:\Program Files\LimeWire
2008-12-22 23:18:23 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-22 18:00:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-22 17:50:13 ----HD---- C:\WINDOWS\inf
2008-12-20 00:02:43 ----A---- C:\WINDOWS\imsins.BAK
2008-12-20 00:01:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 23:45:37 ----D---- C:\Program Files\EA GAMES
2008-12-13 02:10:13 ----D---- C:\Program Files\Internet Explorer
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-11-25 11:57:01 ----D---- C:\Program Files\Full Tilt Poker
2008-11-15 00:43:18 ----D---- C:\WINDOWS\system32\Macromed
2008-11-15 00:02:09 ----D---- C:\WINDOWS\WinSxS
2008-11-04 22:03:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\PlayFirst
2008-11-04 22:03:22 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-11-02 21:58:23 ----D---- C:\Program Files\Delicious 2 Deluxe
2008-11-02 11:33:45 ----SHD---- C:\RECYCLER
2008-11-02 11:20:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-01 18:28:32 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2008-11-01 18:28:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-29 06:54:55 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-29 06:54:55 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-23 05:01:36 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-22 01:47:07 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 23:35:37 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-20 15:47:45 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-16 16:44:52 ----D---- C:\WINDOWS\WBEM
2008-10-16 16:43:28 ----D---- C:\WINDOWS\Media
2008-10-16 16:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 12:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\occache.dll
2008-10-16 12:38:39 ----A---- C:\WINDOWS\system32\mstime.dll
2008-10-16 12:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 12:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 12:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 12:38:35 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 12:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 05:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 05:11:09 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 08:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\aavmker4.sys [2008-07-19 26944]
R1 aswsp;avast! Self Protection; C:\WINDOWS\system32\drivers\aswsp.sys [2008-07-19 78416]
R1 aswtdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswtdi.sys [2008-07-19 42912]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-29 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-29 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-29 15424]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 amon;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-29 512096]
R2 aswfsblk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswmon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswmon2.sys [2008-07-19 94416]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-29 76040]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2007-01-16 11986]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 aswrdr;aswRdr; C:\WINDOWS\system32\drivers\aswrdr.sys [2008-07-19 23152]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-12-01 776637]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-04-15 2564032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-15 71168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S1 a2109834;a2109834; C:\WINDOWS\System32\drivers\a2109834.sys []
S1 cd3f86a2;cd3f86a2; C:\WINDOWS\System32\drivers\cd3f86a2.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-10 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-10 71552]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-09-29 15360]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 TnIDriver;TnIDriver; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\tni1A.tmp []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-10 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswupdsv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-29 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-29 231704]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-09-28 195584]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-05-08 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 nod32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-29 552064]
R3 avast! mail scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! web scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2005-02-14 327680]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

-----------------EOF-----------------


RSIT INFO

info.txt logfile of random's system information tool 1.05 2009-01-14 09:09:13

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem-->agrsmdel
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Blackhawk Striker 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\Uninstall.exe"
Blasterball 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe"
Blasterball 2 Holidays from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1B497FAA-E53E-420D-8408-FFDD3278CD50\Uninstall.exe"
Blasterball 2 Remix from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0C84A7C5-2762-4932-96BF-44A77202DCC3\Uninstall.exe"
Bounce Symphony from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe"
Cake Mania 3-->"C:\Program Files\Cake Mania 3\ReflexiveArcade\unins000.exe"
Cooking Dash-->"C:\Program Files\Cooking Dash\ReflexiveArcade\unins000.exe"
Crystal Maze from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe"
Delicious 2 Deluxe-->"C:\Program Files\Delicious 2 Deluxe\ReflexiveArcade\unins000.exe"
Diner Dash Seasonal Snack Pack-->"C:\Program Files\Diner Dash Seasonal Snack Pack\ReflexiveArcade\unins000.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
File Recover 7.0-->"C:\Program Files\File Recover\unins000.exe"
Final Drive Nitro from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\31D6EDEF-1926-4267-A24E-077BFB360F72\Uninstall.exe"
FreeUndelete-->C:\Program Files\FreeUndelete\GLF93C.exe /handle:fru
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hells Kitchen-->"C:\Program Files\Hells Kitchen\ReflexiveArcade\unins000.exe"
Help and Support Additions-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Home Sweet Home 2 Kitchens And Baths-->"C:\Program Files\Home Sweet Home 2 Kitchens And Baths\ReflexiveArcade\unins000.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC-->MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233}
HP Image Zone Plus 4.8.6-->C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photosmart Cameras 4.5-->C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HP Tunes-->MsiExec.exe /X{6512B303-F989-4C13-B9F6-A99989E4ED54}
HPIZplus450-->MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
Ice Cream Mania-->"C:\Program Files\Ice Cream Mania\ReflexiveArcade\unins000.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{72C2CA17-1E7D-4D03-AA43-CDCF76010A27}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Janes Hotel-->"C:\Program Files\Janes Hotel\ReflexiveArcade\unins000.exe"
jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Lexibox Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\Uninstall.exe"
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Investigator-->"C:\Program Files\Media Investigator\Uninstall.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}\setup.exe" -l0x9
muvee autoProducer unPlugged - HPD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}\setup.exe" -l0x9
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Overball from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\A8B63E91-BB8C-41FF-B530-5BB13C915612\Uninstall.exe"
Parking Dash-->"C:\Program Files\Parking Dash\ReflexiveArcade\unins000.exe"
PC-Doctor for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Phoenix Assault from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\4C838121-69EC-424A-8FB0-91C15306A758\Uninstall.exe"
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe"
Polar Golfer from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Microsoft Money 2005 installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Quicken New User Edition installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shooting Stars Pool from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\Uninstall.exe"
Slyder from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\600C800C-5985-4E74-AFE7-571001AC3FA4\Uninstall.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
SpySubtract-->C:\Program Files\InterMute\SpySubtract\SpySub.exe -uninstall
Startup Mechanic 2.7-->C:\Program Files\Startup Mechanic\uninst.exe
Super Granny from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe"
The Sims 2 Family Fun Stuff-->C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets-->C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims™ 2 Apartment Life-->C:\Program Files\EA GAMES\The Sims 2 Apartment Life\EAUninstall.exe
The Sims™ 2 Bon Voyage-->C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Double Deluxe-->C:\Program Files\EA GAMES\The Sims 2 Double Deluxe\EAUninstall.exe
The Sims™ 2 FreeTime-->C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff-->C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 Kitchen & Bath Interior Design Stuff-->C:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
Tradewinds from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe"
Tropix 2 Quest For The Golden Banana-->"C:\Program Files\Tropix 2 Quest For The Golden Banana\ReflexiveArcade\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)-->C:\WINDOWS\$NtUninstallMC05Upd1$\spuninst\spuninst.exe
Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See KB889858 for more information]-->C:\WINDOWS\$NtUninstallKB889858$\spuninst\spuninst.exe
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885354-->C:\WINDOWS\$NtUninstallKB885354$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891220-->C:\WINDOWS\$NtUninstallKB891220$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe

======Security center information======

AV: AVG Anti-Virus Free (outdated)
AV: avast! antivirus 4.8.1229 [VPS 080731-0] (outdated)
AV: ESET NOD32 antivirus system 2.70 (outdated)

System event log

Computer Name: SANNICOLAS
Event Code: 32003
Message: The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Record Number: 5567
Source Name: ipnathlp
Time Written: 20081223232738.000000-480
Event Type: error
User:

Computer Name: SANNICOLAS
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{DC7521CA-57EA-4376-BD83-B86665740CD1} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 5566
Source Name: Tcpip
Time Written: 20081223232730.000000-480
Event Type: information
User:

Computer Name: SANNICOLAS
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{DC7521CA-57EA-4376-BD83-B86665740CD1} because a master browser was stopped.

Record Number: 5565
Source Name: BROWSER
Time Written: 20081223232657.000000-480
Event Type: information
User:

Computer Name: SANNICOLAS
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.100.11 on the
Network Card with network address 0013D4310F07.

Record Number: 5564
Source Name: Dhcp
Time Written: 20081223232611.000000-480
Event Type: error
User:

Computer Name: SANNICOLAS
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013D4310F07. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 5563
Source Name: Dhcp
Time Written: 20081223232611.000000-480
Event Type: warning
User:

Application event log

Computer Name: SANNICOLAS
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 1590
Source Name: LightScribeService
Time Written: 20090101092222.000000-480
Event Type: information
User:

Computer Name: SANNICOLAS
Event Code: 1
Message:
Record Number: 1589
Source Name: avg8emc
Time Written: 20081231201259.000000-480
Event Type: information
User:

Computer Name: SANNICOLAS
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 1588
Source Name: SecurityCenter
Time Written: 20081231201252.000000-480
Event Type: information
User:

Computer Name: SANNICOLAS
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 1587
Source Name: LightScribeService
Time Written: 20081231201153.000000-480
Event Type: information
User:

Computer Name: SANNICOLAS
Event Code: 1
Message:
Record Number: 1586
Source Name: avg8emc
Time Written: 20081231180739.000000-480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\jZip
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------


#4 fenzodahl512

fenzodahl512


Posted 15 January 2009 - 03:12 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 jay521

jay521
  • Topic Starter

Posted 15 January 2009 - 12:19 PM

COMBO FIX LOG

ComboFix 09-01-13.04 - HP_Administrator 2009-01-15 8:48:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.175 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1229 [VPS 080731-0] *On-access scanning disabled* (Outdated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\tn3
c:\windows\IE4 Error Log.txt
c:\windows\system32\_000217_.tmp.dll
c:\windows\system32\nifqte.dll
c:\windows\system32\ojxgasvf.ini
c:\windows\system32\p2
c:\windows\system32\psjiiryr.dll
c:\windows\system32\qycymtrt.dll
c:\windows\system32\TDSSmtpw.dat
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Legacy_TNIDRIVER
-------\Service_TDSSserv.sys
-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-14 12:17 . 2009-01-14 12:37 250 --a------ c:\windows\gmer.ini
2009-01-14 09:08 . 2009-01-14 09:09 <DIR> d-------- C:\rsit
2009-01-14 05:48 . 2009-01-14 05:48 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-14 05:47 . 2009-01-14 05:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 05:47 . 2009-01-14 05:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 05:47 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 05:47 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 21:49 . 2009-01-05 21:49 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 21:48 . 2009-01-05 21:48 <DIR> d-------- c:\program files\Startup Mechanic
2009-01-05 20:56 . 2009-01-05 20:56 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-01 10:01 . 2009-01-05 22:01 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2008-12-31 18:22 . 2008-12-31 18:22 <DIR> d-------- c:\program files\Alwil Software
2008-12-29 22:41 . 2008-12-29 22:39 512,096 --a------ c:\windows\system32\drivers\amon.sys
2008-12-29 22:41 . 2008-12-29 22:39 298,104 --a------ c:\windows\system32\imon.dll
2008-12-29 22:40 . 2008-12-29 22:39 15,424 --a------ c:\windows\system32\drivers\nod32drv.sys
2008-12-29 22:38 . 2009-01-06 00:22 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-29 22:11 . 2008-12-29 22:11 85 --a------ C:\$$$$$$$$11.bat
2008-12-29 22:06 . 2008-12-29 22:06 407 --a------ c:\documents and settings\HP_Administrator\mhHdKOWAj.bat
2008-12-29 22:03 . 2009-01-14 09:01 <DIR> d-------- c:\windows\system32\xn
2008-12-29 22:01 . 2008-12-29 22:01 112,364 --a------ c:\documents and settings\HP_Administrator\HJgzGR.exe
2008-12-29 22:01 . 2008-12-29 22:01 9,728 --a------ c:\documents and settings\HP_Administrator\NIpltPEIR.exe
2008-12-29 21:21 . 2008-12-29 21:21 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-29 21:21 . 2008-12-29 21:21 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-29 21:20 . 2008-12-29 21:20 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-29 21:20 . 2008-12-29 21:20 <DIR> d-------- c:\program files\AVG
2008-12-29 21:20 . 2008-12-29 22:05 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-29 21:20 . 2008-12-29 21:20 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-29 20:06 . 2008-12-29 20:06 0 --a------ c:\windows\7zS399.tmp
2008-12-28 21:07 . 2008-12-28 21:07 <DIR> d--h----- c:\windows\PIF
2008-12-28 19:09 . 2008-12-29 20:27 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\U3
2008-12-27 15:12 . 2009-01-15 08:48 <DIR> d-------- c:\program files\ESET
2008-12-26 15:08 . 2008-12-26 15:08 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Leadertech
2008-12-26 15:08 . 2008-12-26 15:08 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-26 15:08 . 2008-12-26 15:08 1,409 --a------ c:\windows\QTFont.for
2008-12-24 07:44 . 2008-12-26 09:50 0 --a------ c:\windows\system32\drivers\a2109834.sys
2008-12-24 07:40 . 2008-12-29 22:08 46 --a------ C:\p2hhr.bat
2008-12-24 07:37 . 2008-12-24 07:37 501 --a------ c:\documents and settings\HP_Administrator\JiRhhOyDFU.bat
2008-12-24 07:37 . 2008-12-24 07:37 355 --a------ C:\7911.bat
2008-12-24 07:33 . 2008-12-24 07:33 112,364 --a------ c:\documents and settings\HP_Administrator\uNsuRKrCG.exe
2008-12-24 07:33 . 2008-12-24 07:33 103,424 --------- c:\documents and settings\HP_Administrator\zytAwDaP.exe
2008-12-24 07:33 . 2008-12-24 07:33 16,896 --a------ c:\documents and settings\HP_Administrator\BbweHQt.exe
2008-12-24 07:33 . 2008-12-24 07:33 9,728 --a------ c:\documents and settings\HP_Administrator\VBdATA.exe
2008-12-23 13:02 . 2008-12-23 13:02 505 --a------ c:\documents and settings\HP_Administrator\UbMQshagQNH.bat
2008-12-23 13:02 . 2008-12-23 13:02 355 --a------ C:\4811.bat
2008-12-23 13:00 . 2008-12-23 13:00 112,364 --a------ c:\documents and settings\HP_Administrator\zFQvwle.exe
2008-12-23 13:00 . 2008-12-23 13:00 16,896 --a------ c:\documents and settings\HP_Administrator\SweIRctF.exe
2008-12-23 12:59 . 2008-12-23 12:59 103,424 --------- c:\documents and settings\HP_Administrator\ksODHQCLX.exe
2008-12-23 12:59 . 2008-12-23 12:59 9,728 --a------ c:\documents and settings\HP_Administrator\kpRohOgeFU.exe
2008-12-23 12:32 . 2008-12-29 22:07 2 --a------ C:\68156543
2008-12-23 12:11 . 2008-12-23 12:12 <DIR> d-------- c:\documents and settings\HP_Administrator\Shared
2008-12-23 12:11 . 2008-12-23 12:15 <DIR> d-------- c:\documents and settings\HP_Administrator\Incomplete
2008-12-23 11:56 . 2008-12-30 20:00 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2008-12-23 11:48 . 2008-12-31 23:48 <DIR> d--hs---- c:\documents and settings\HP_Administrator\Searched
2008-12-23 11:48 . 2008-12-23 11:48 41,472 --a------ C:\qasfye.exe
2008-12-23 11:47 . 2008-12-29 22:02 <DIR> d-------- c:\windows\system32\whSLD02
2008-12-23 11:47 . 2008-12-29 22:03 <DIR> d-------- c:\temp\REX81
2008-12-22 18:01 . 2008-12-22 18:01 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Snapfish

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 03:30 --------- d-----w c:\program files\Janes Hotel
2008-12-31 04:00 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\LimeWire
2008-12-30 06:37 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-12-30 05:56 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-30 03:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-27 05:16 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-23 21:05 --------- d-----w c:\program files\FrostWire
2008-12-23 19:49 --------- d-----w c:\program files\LimeWire
2008-12-17 15:26 --------- d-----w c:\program files\Norton PC Checkup
2008-12-14 07:45 --------- d-----w c:\program files\EA GAMES
2008-11-25 19:57 --------- d-----w c:\program files\Full Tilt Poker
2008-11-21 13:11 --------- d-----w c:\program files\Operation Mania
2008-11-20 04:55 2,770 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-11-15 00:32 --------- d-----w c:\program files\Hells Kitchen
2008-07-11 05:29 0 ----a-w c:\documents and settings\Trina\Application Data\wklnhst.dat
2007-10-07 20:44 110 -c----w c:\documents and settings\All Users\Application Data\MostFunGameId.bin
2008-12-22 20:34 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 20:34 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 20:34 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 20:34 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 20:34 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2004-08-10 12:00 73,728 -csha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Startup Manager Scanner"="c:\program files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll iyfjdg.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-31 78416]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-29 97928]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-29 15424]
R4 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-31 20560]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-29 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-29 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-12-29 76040]
S1 a2109834;a2109834;c:\windows\system32\drivers\a2109834.sys [2008-12-24 0]
S1 cd3f86a2;cd3f86a2;c:\windows\system32\drivers\cd3f86a2.sys --> c:\windows\system32\drivers\cd3f86a2.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-15 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 07:26]

2009-01-03 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 07:26]

2009-01-15 c:\windows\Tasks\sjqhyjrd.job
- c:\windows\system32\rundll32.exe [2004-08-10 04:00]

2005-06-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 23:26]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NVIDIA nView - c:\documents and settings\HP_Administrator\nview.exe
SharedTaskScheduler-{AF0BE91A-D92D-44F5-9581-64F629762E5A} - c:\windows\system32\ccc.dll
ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)
Notify-notifyc - c:\windows\system32\ccc.dll
Notify-ssqQiijG - ssqQiijG.dll


.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\rcxl7ew3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 09:07:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-01-15 9:14:47 - machine was rebooted [HP_Administrator]
ComboFix-quarantined-files.txt 2009-01-15 17:14:33

Pre-Run: 101,646,528,512 bytes free
Post-Run: 102,349,500,416 bytes free

237 --- E O F --- 2008-12-20 08:02:46





HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:45 AM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\CF29243.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll iyfjdg.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (nod32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7602 bytes

#6 fenzodahl512

Posted 16 January 2009 - 12:14 AM

Hello.. You have three antivirus programs (Avast!, AVG, NOD32).. It's a really bad idea.. Just use ONLY ONE antivirus on each computer... Uninstall TWO of them NOW..


Do that first before you do the steps below..



1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
a2109834
cd3f86a2

File::
c:\windows\7zS399.tmp
c:\windows\system32\drivers\a2109834.sys
C:\p2hhr.bat
c:\documents and settings\HP_Administrator\JiRhhOyDFU.bat
C:\7911.bat
c:\documents and settings\HP_Administrator\uNsuRKrCG.exe
c:\documents and settings\HP_Administrator\zytAwDaP.exe
c:\documents and settings\HP_Administrator\BbweHQt.exe
c:\documents and settings\HP_Administrator\VBdATA.exe
c:\documents and settings\HP_Administrator\UbMQshagQNH.bat
C:\4811.bat
c:\documents and settings\HP_Administrator\zFQvwle.exe
c:\documents and settings\HP_Administrator\SweIRctF.exe
c:\documents and settings\HP_Administrator\ksODHQCLX.exe
c:\documents and settings\HP_Administrator\kpRohOgeFU.exe
C:\68156543
C:\qasfye.exe
c:\windows\system32\drivers\cd3f86a2.sys
c:\windows\Tasks\sjqhyjrd.job

Folder::
c:\windows\system32\whSLD02
c:\temp\REX81

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="avgrsstx.dll"

DirLook::
c:\documents and settings\HP_Administrator\Shared
c:\documents and settings\HP_Administrator\Incomplete
c:\documents and settings\HP_Administrator\Application Data\FrostWire
c:\documents and settings\HP_Administrator\Searched

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
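
An added example, not part of the original posts and not ComboFix's own code: a Python sketch that parses rows in the "Files Created" layout of the logs above and a CFScript in the `Section::` layout of post #6, then lists executables whose byte size matches a file the script removes but which the script itself does not name. The log rows and script are abridged from the thread; the same-size heuristic and every function name are assumptions made for illustration.

```python
import re
import ntpath  # Windows path rules, usable on any OS

# One row of a "Files Created" section:
# created . modified  size-or-<DIR>  attributes  path
ENTRY_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Rows abridged from the "Files Created" section posted in the thread.
FILES_CREATED = r"""
2008-12-29 22:03 . 2009-01-14 09:01 <DIR> d-------- c:\windows\system32\xn
2008-12-29 22:01 . 2008-12-29 22:01 112,364 --a------ c:\documents and settings\HP_Administrator\HJgzGR.exe
2008-12-29 22:01 . 2008-12-29 22:01 9,728 --a------ c:\documents and settings\HP_Administrator\NIpltPEIR.exe
2008-12-24 07:44 . 2008-12-26 09:50 0 --a------ c:\windows\system32\drivers\a2109834.sys
2008-12-24 07:33 . 2008-12-24 07:33 112,364 --a------ c:\documents and settings\HP_Administrator\uNsuRKrCG.exe
2008-12-24 07:33 . 2008-12-24 07:33 103,424 --------- c:\documents and settings\HP_Administrator\zytAwDaP.exe
2008-12-24 07:33 . 2008-12-24 07:33 16,896 --a------ c:\documents and settings\HP_Administrator\BbweHQt.exe
2008-12-24 07:33 . 2008-12-24 07:33 9,728 --a------ c:\documents and settings\HP_Administrator\VBdATA.exe
2008-12-23 13:00 . 2008-12-23 13:00 112,364 --a------ c:\documents and settings\HP_Administrator\zFQvwle.exe
2008-12-23 13:00 . 2008-12-23 13:00 16,896 --a------ c:\documents and settings\HP_Administrator\SweIRctF.exe
2008-12-23 12:59 . 2008-12-23 12:59 103,424 --------- c:\documents and settings\HP_Administrator\ksODHQCLX.exe
2008-12-23 12:59 . 2008-12-23 12:59 9,728 --a------ c:\documents and settings\HP_Administrator\kpRohOgeFU.exe
2008-12-23 11:48 . 2008-12-23 11:48 41,472 --a------ C:\qasfye.exe
"""

# CFScript abridged from post #6 (same section names, fewer entries).
CFSCRIPT = r"""
KillAll::

Driver::
a2109834
cd3f86a2

File::
c:\windows\system32\drivers\a2109834.sys
c:\documents and settings\HP_Administrator\uNsuRKrCG.exe
c:\documents and settings\HP_Administrator\zytAwDaP.exe
c:\documents and settings\HP_Administrator\BbweHQt.exe
c:\documents and settings\HP_Administrator\VBdATA.exe
c:\documents and settings\HP_Administrator\zFQvwle.exe
c:\documents and settings\HP_Administrator\SweIRctF.exe
c:\documents and settings\HP_Administrator\ksODHQCLX.exe
c:\documents and settings\HP_Administrator\kpRohOgeFU.exe
C:\qasfye.exe

Folder::
c:\windows\system32\whSLD02
"""


def parse_files_created(text):
    """Return [(path, size_in_bytes)] for file rows; <DIR> rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m["size"] != "<DIR>":
            rows.append((m["path"], int(m["size"].replace(",", ""))))
    return rows


def parse_cfscript(text):
    """Split a CFScript into {section: [lines]}; a line ending in '::' opens a section."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])  # keeps empty sections such as KillAll
        elif current is not None:
            sections[current].append(line)
    return sections


def same_size_groups(rows, ext=".exe"):
    """Group files with the given extension by byte size; keep sizes seen more than once."""
    groups = {}
    for path, size in rows:
        if ntpath.splitext(path)[1].lower() == ext:
            groups.setdefault(size, []).append(path)
    return {size: paths for size, paths in groups.items() if len(paths) > 1}


def unscripted_lookalikes(rows, script_files):
    """Files sharing a size with a scripted file but absent from the script."""
    listed = {p.lower() for p in script_files}
    found = []
    for paths in same_size_groups(rows).values():
        if any(p.lower() in listed for p in paths):
            found += [p for p in paths if p.lower() not in listed]
    return sorted(found, key=str.lower)


def zero_byte_drivers(rows):
    """Return zero-length .sys files that sit directly in a 'drivers' directory."""
    return [p for p, size in rows
            if size == 0 and p.lower().endswith(".sys")
            and ntpath.basename(ntpath.dirname(p)).lower() == "drivers"]


if __name__ == "__main__":
    rows = parse_files_created(FILES_CREATED)
    script = parse_cfscript(CFSCRIPT)
    for path in unscripted_lookalikes(rows, script["File"]):
        print("same size as a scripted file, not in script:", path)
    for path in zero_byte_drivers(rows):
        print("zero-byte driver:", path)
```

On this excerpt the check returns HJgzGR.exe and NIpltPEIR.exe, both of which still appear in the "Files Created" section of the ComboFix log in post #7. A matching size is only a prompt to inspect a file, not proof of what it is.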


#7 jay521

Posted 16 January 2009 - 03:00 AM

COMBO FIX

ComboFix 09-01-13.04 - HP_Administrator 2009-01-15 23:41:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.240 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 080731-0] *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
C:\4811.bat
C:\68156543
C:\7911.bat
c:\documents and settings\HP_Administrator\BbweHQt.exe
c:\documents and settings\HP_Administrator\JiRhhOyDFU.bat
c:\documents and settings\HP_Administrator\kpRohOgeFU.exe
c:\documents and settings\HP_Administrator\ksODHQCLX.exe
c:\documents and settings\HP_Administrator\SweIRctF.exe
c:\documents and settings\HP_Administrator\UbMQshagQNH.bat
c:\documents and settings\HP_Administrator\uNsuRKrCG.exe
c:\documents and settings\HP_Administrator\VBdATA.exe
c:\documents and settings\HP_Administrator\zFQvwle.exe
c:\documents and settings\HP_Administrator\zytAwDaP.exe
C:\p2hhr.bat
C:\qasfye.exe
c:\windows\7zS399.tmp
c:\windows\system32\drivers\a2109834.sys
c:\windows\system32\drivers\cd3f86a2.sys
c:\windows\Tasks\sjqhyjrd.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\4811.bat
C:\68156543
C:\7911.bat
c:\documents and settings\HP_Administrator\BbweHQt.exe
c:\documents and settings\HP_Administrator\JiRhhOyDFU.bat
c:\documents and settings\HP_Administrator\kpRohOgeFU.exe
c:\documents and settings\HP_Administrator\ksODHQCLX.exe
c:\documents and settings\HP_Administrator\SweIRctF.exe
c:\documents and settings\HP_Administrator\UbMQshagQNH.bat
c:\documents and settings\HP_Administrator\uNsuRKrCG.exe
c:\documents and settings\HP_Administrator\VBdATA.exe
c:\documents and settings\HP_Administrator\zFQvwle.exe
c:\documents and settings\HP_Administrator\zytAwDaP.exe
C:\p2hhr.bat
C:\qasfye.exe
c:\temp\REX81
c:\temp\REX81\BDF.log
c:\windows\7zS399.tmp
c:\windows\system32\drivers\a2109834.sys
c:\windows\system32\whSLD02
c:\windows\system32\whSLD02\whSLD022328.exe
c:\windows\Tasks\sjqhyjrd.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_a2109834
-------\Service_cd3f86a2


((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-14 12:17 . 2009-01-14 12:37 250 --a------ c:\windows\gmer.ini
2009-01-14 09:08 . 2009-01-14 09:09 <DIR> d-------- C:\rsit
2009-01-14 05:48 . 2009-01-14 05:48 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-14 05:47 . 2009-01-14 05:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 05:47 . 2009-01-14 05:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 05:47 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 05:47 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 21:49 . 2009-01-05 21:49 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 21:48 . 2009-01-05 21:48 <DIR> d-------- c:\program files\Startup Mechanic
2009-01-05 20:56 . 2009-01-05 20:56 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-31 18:22 . 2008-12-31 18:22 <DIR> d-------- c:\program files\Alwil Software
2008-12-29 22:38 . 2009-01-06 00:22 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-29 22:11 . 2008-12-29 22:11 85 --a------ C:\$$$$$$$$11.bat
2008-12-29 22:06 . 2008-12-29 22:06 407 --a------ c:\documents and settings\HP_Administrator\mhHdKOWAj.bat
2008-12-29 22:03 . 2009-01-14 09:01 <DIR> d-------- c:\windows\system32\xn
2008-12-29 22:01 . 2008-12-29 22:01 112,364 --a------ c:\documents and settings\HP_Administrator\HJgzGR.exe
2008-12-29 22:01 . 2008-12-29 22:01 9,728 --a------ c:\documents and settings\HP_Administrator\NIpltPEIR.exe
2008-12-28 21:07 . 2008-12-28 21:07 <DIR> d--h----- c:\windows\PIF
2008-12-28 19:09 . 2008-12-29 20:27 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\U3
2008-12-27 15:12 . 2009-01-15 23:34 <DIR> d-------- c:\program files\ESET
2008-12-26 15:08 . 2008-12-26 15:08 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Leadertech
2008-12-26 15:08 . 2008-12-26 15:08 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-26 15:08 . 2008-12-26 15:08 1,409 --a------ c:\windows\QTFont.for
2008-12-23 12:11 . 2008-12-23 12:12 <DIR> d-------- c:\documents and settings\HP_Administrator\Shared
2008-12-23 12:11 . 2008-12-23 12:15 <DIR> d-------- c:\documents and settings\HP_Administrator\Incomplete
2008-12-23 11:56 . 2008-12-30 20:00 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2008-12-23 11:48 . 2008-12-31 23:48 <DIR> d--hs---- c:\documents and settings\HP_Administrator\Searched
2008-12-22 18:01 . 2008-12-22 18:01 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Snapfish

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 07:32 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2009-01-01 03:30 --------- d-----w c:\program files\Janes Hotel
2008-12-31 04:00 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\LimeWire
2008-12-30 05:56 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-30 03:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-27 05:16 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-23 21:05 --------- d-----w c:\program files\FrostWire
2008-12-23 19:49 --------- d-----w c:\program files\LimeWire
2008-12-17 15:26 --------- d-----w c:\program files\Norton PC Checkup
2008-12-14 07:45 --------- d-----w c:\program files\EA GAMES
2008-11-25 19:57 --------- d-----w c:\program files\Full Tilt Poker
2008-11-21 13:11 --------- d-----w c:\program files\Operation Mania
2008-11-20 04:55 2,770 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-07-11 05:29 0 ----a-w c:\documents and settings\Trina\Application Data\wklnhst.dat
2007-10-07 20:44 110 -c----w c:\documents and settings\All Users\Application Data\MostFunGameId.bin
2008-12-22 20:34 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 20:34 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 20:34 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 20:34 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 20:34 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2004-08-10 12:00 73,728 -csha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\HP_Administrator\Application Data\FrostWire ----

2008-12-29 23:04 7287 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\schemas\audio.xsd
2008-12-29 23:04 359 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\library.dat
2008-12-29 23:04 3303 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\schemas\video.xsd
2008-12-29 23:04 244 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\installation.props
2008-12-29 23:04 1733 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\schemas\application.xsd
2008-12-29 23:04 1291 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\schemas\image.xsd
2008-12-29 23:04 1205 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\schemas\document.xsd
2008-12-29 22:06 267 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\tables.props
2008-12-24 10:57 404 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\createtimes.cache
2008-12-24 10:57 10752269 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\fileurns.cache
2008-12-23 11:59 711 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\secureMessage.key
2008-12-23 11:59 711 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\pub1.key
2008-12-23 11:59 709 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\version.key
2008-12-23 11:59 544 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\misc\audio.gif
2008-12-23 11:59 493 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\misc\document.gif
2008-12-23 11:59 404 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\data.ser
2008-12-23 11:59 332 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\misc\video.gif
2008-12-23 11:59 125 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\misc\application.gif
2008-12-23 11:59 1030 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\public.key
2008-12-23 11:59 1010 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\misc\image.gif
2008-12-23 11:59 0 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\xml\data\delete_me
2008-12-23 11:58 218 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\themes\frostwire_theme\kill_on.png
2008-12-23 11:58 218 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\themes\frostwire_theme\kill.png
2008-12-23 11:58 2073 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\themes\frostwire_theme\theme.txt
2008-12-23 11:57 1593 --a------ c:\documents and settings\HP_Administrator\Application Data\FrostWire\themes\frostwire_theme.skin

---- Directory of c:\documents and settings\HP_Administrator\Incomplete ----


---- Directory of c:\documents and settings\HP_Administrator\Searched ----

2008-12-24 08:52 0 --a------ c:\documents and settings\HP_Administrator\Searched\Introducing Ambercute
2008-12-24 08:50 0 --a------ c:\documents and settings\HP_Administrator\Searched\Alexadawn is Described in 3 Words
2008-12-24 08:27 0 --a------ c:\documents and settings\HP_Administrator\Searched\Miss Busty in Bed
2008-12-24 08:11 0 --a------ c:\documents and settings\HP_Administrator\Searched\Rough Looking Babe Shows Off Her Life Skill
2008-12-24 08:10 0 --a------ c:\documents and settings\HP_Administrator\Searched\Collage of 2 Scenes
2008-12-24 07:58 0 --a------ c:\documents and settings\HP_Administrator\Searched\Veronika Fasterova Loves Turquoise
2008-12-23 13:16 45432 --a------ c:\documents and settings\HP_Administrator\Searched\Three Hotties Share One Cock and a Fat Strap on Dick.avi
2008-12-23 13:16 45432 --a------ c:\documents and settings\HP_Administrator\Searched\A Hot Brunette Shows Off Her Perfect Tits and Rubs on Them in ....avi
2008-12-23 13:13 0 --a------ c:\documents and settings\HP_Administrator\Searched\Whips and Bondage and bleep
2008-12-23 13:13 0 --a------ c:\documents and settings\HP_Administrator\Searched\Mistress Forcing the Slave to bleep
2008-12-23 13:11 0 --a------ c:\documents and settings\HP_Administrator\Searched\Real BDSM bleep
2008-12-23 13:11 0 --a------ c:\documents and settings\HP_Administrator\Searched\Gorgeous Hoe Loves BDSM
2008-12-23 12:19 45432 --a------ c:\documents and settings\HP_Administrator\Searched\Teenie Sucks Finger as She Waits for Anal Pain.avi
2008-12-23 12:19 45432 --a------ c:\documents and settings\HP_Administrator\Searched\Spanked Slut Cries Out for More.avi
2008-12-23 12:19 45432 --a------ c:\documents and settings\HP_Administrator\Searched\Redhead Sex Slave gets Pumped Full of Cock.avi
2008-12-23 12:19 45432 --a------ c:\documents and settings\HP_Administrator\Searched\Luscious Round Tit Gal Got bleeped Hard from Behind.avi
2008-12-23 12:19 45432 --a------ c:\documents and settings\HP_Administrator\Searched\Four Crazy Lesbians Licking Their Twats in a Fetish Scene.avi
2008-12-23 12:19 45432 --a------ c:\documents and settings\HP_Administrator\Searched\Chained Blonde Struggles to Break Free During Painful Spanking.avi
2008-12-23 12:19 45432 --a------ c:\documents and settings\HP_Administrator\Searched\Alluring Girl with a Latex Mask on Face gets Her Hands Cuffed.avi
2008-12-23 12:19 0 --a------ c:\documents and settings\HP_Administrator\Searched\Nina is One Cutie
2008-12-23 12:18 0 --a------ c:\documents and settings\HP_Administrator\Searched\Deep Hard BDSM bleep
2008-12-23 12:17 0 --a------ c:\documents and settings\HP_Administrator\Searched\Read BDSM bleep
2008-12-23 12:16 0 --a------ c:\documents and settings\HP_Administrator\Searched\Mika Tan Has One Simple Mission
2008-12-23 12:14 0 --a------ c:\documents and settings\HP_Administrator\Searched\Nyc Part 3
2008-12-23 12:05 0 --a------ c:\documents and settings\HP_Administrator\Searched\Jana Jordan is One Hellava Multi-tasker
2008-12-23 12:02 0 --a------ c:\documents and settings\HP_Administrator\Searched\This Girl is the Total Package
2008-12-23 11:59 0 --a------ c:\documents and settings\HP_Administrator\Searched\Man & Woman
2008-12-23 11:58 0 --a------ c:\documents and settings\HP_Administrator\Searched\Blue Bath Tub and a Super Cute Teen
2008-12-23 11:52 0 --a------ c:\documents and settings\HP_Administrator\Searched\Rich & Danny
2008-12-23 11:51 0 --a------ c:\documents and settings\HP_Administrator\Searched\Winxclub
2008-12-23 11:51 0 --a------ c:\documents and settings\HP_Administrator\Searched\Reese
2008-12-23 11:51 0 --a------ c:\documents and settings\HP_Administrator\Searched\Notice
2008-12-23 11:51 0 --a------ c:\documents and settings\HP_Administrator\Searched\Cream Filled Babes Presents Mallory Marx
2008-12-23 11:50 0 --a------ c:\documents and settings\HP_Administrator\Searched\Megan Martinez
2008-12-23 11:50 0 --a------ c:\documents and settings\HP_Administrator\Searched\Bree Olson
2008-12-23 11:49 0 --a------ c:\documents and settings\HP_Administrator\Searched\The Hottest Thing Around
c:\documents and settings\HP_Administrator\Searched\Teen Stripping Nude for a Nice Bath
c:\documents and settings\HP_Administrator\Searched\Teen in Panties
c:\documents and settings\HP_Administrator\Searched\Teen Babe in Her Pink Bra
c:\documents and settings\HP_Administrator\Searched\Shy Hottie Showing Her Pie
c:\documents and settings\HP_Administrator\Searched\She Will be Your Black Teen Fantasy Girl
c:\documents and settings\HP_Administrator\Searched\Perfect Thick Body on This Blonde Teen
c:\documents and settings\HP_Administrator\Searched\Let Me Taste Your Tounge
c:\documents and settings\HP_Administrator\Searched\Laurel Loves Cum Glazed Doughnuts
c:\documents and settings\HP_Administrator\Searched\I Love Getting Wet At the Pool
c:\documents and settings\HP_Administrator\Searched\Happy Go Lucky Teen with Little Boobies
c:\documents and settings\HP_Administrator\Searched\Gorgeous Teen Virgin That is as Pure as the Driven Snow
c:\documents and settings\HP_Administrator\Searched\Dirty Busty Milf Asked a Guy to Give Her a Lift with a Car
c:\documents and settings\HP_Administrator\Searched\Delightful and Divine Teen Nina Sitting Pretty
c:\documents and settings\HP_Administrator\Searched\3 Words

---- Directory of c:\documents and settings\HP_Administrator\Shared ----



((((((((((((((((((((((((((((( snapshot@2009-01-15_ 9.12.52.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-16 07:49:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Startup Manager Scanner"="c:\program files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-31 78416]
R4 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-31 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-15 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 07:26]

2009-01-03 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 07:26]

2005-06-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\rcxl7ew3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\progra~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 23:51:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-01-15 23:55:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-16 07:55:44
ComboFix2.txt 2009-01-15 17:14:51

Pre-Run: 108,623,949,824 bytes free
Post-Run: 108,608,872,448 bytes free

288 --- E O F --- 2008-12-20 08:02:46





HiJackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:14 PM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6774 bytes

#8 fenzodahl512

Posted 16 January 2009 - 04:01 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\$$$$$$$$11.bat
c:\documents and settings\HP_Administrator\mhHdKOWAj.bat
c:\documents and settings\HP_Administrator\HJgzGR.exe
c:\documents and settings\HP_Administrator\NIpltPEIR.exe

Folder::
c:\windows\system32\xn

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.



#9 jay521

Posted 17 January 2009 - 03:02 AM

ComboFix

ComboFix 09-01-13.04 - HP_Administrator 2009-01-16 23:43:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.255 [GMT -8:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\Combo-Fix.exe
Command switches used :: K:\CFScript.txt
AV: avast! antivirus 4.8.1229 [VPS 080731-0] *On-access scanning disabled* (Outdated)
* Created a new restore point

FILE ::
C:\$$$$$$$$11.bat
c:\documents and settings\HP_Administrator\HJgzGR.exe
c:\documents and settings\HP_Administrator\mhHdKOWAj.bat
c:\documents and settings\HP_Administrator\NIpltPEIR.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$$$$$$$$11.bat
c:\documents and settings\HP_Administrator\HJgzGR.exe
c:\documents and settings\HP_Administrator\mhHdKOWAj.bat
c:\documents and settings\HP_Administrator\NIpltPEIR.exe
c:\windows\system32\xn

.
((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-14 12:17 . 2009-01-14 12:37 250 --a------ c:\windows\gmer.ini
2009-01-14 09:08 . 2009-01-14 09:09 <DIR> d-------- C:\rsit
2009-01-14 05:48 . 2009-01-14 05:48 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-14 05:47 . 2009-01-14 05:48 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 05:47 . 2009-01-14 05:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 05:47 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 05:47 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-05 21:49 . 2009-01-05 21:49 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 21:48 . 2009-01-05 21:48 <DIR> d-------- c:\program files\Startup Mechanic
2009-01-05 20:56 . 2009-01-05 20:56 <DIR> d-------- c:\program files\Enigma Software Group
2008-12-31 18:22 . 2008-12-31 18:22 <DIR> d-------- c:\program files\Alwil Software
2008-12-29 22:38 . 2009-01-06 00:22 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-28 21:07 . 2008-12-28 21:07 <DIR> d--h----- c:\windows\PIF
2008-12-28 19:09 . 2008-12-29 20:27 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\U3
2008-12-27 15:12 . 2009-01-15 23:34 <DIR> d-------- c:\program files\ESET
2008-12-26 15:08 . 2008-12-26 15:08 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Leadertech
2008-12-26 15:08 . 2008-12-26 15:08 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-26 15:08 . 2008-12-26 15:08 1,409 --a------ c:\windows\QTFont.for
2008-12-23 12:11 . 2008-12-23 12:12 <DIR> d-------- c:\documents and settings\HP_Administrator\Shared
2008-12-23 12:11 . 2008-12-23 12:15 <DIR> d-------- c:\documents and settings\HP_Administrator\Incomplete
2008-12-23 11:56 . 2008-12-30 20:00 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\FrostWire
2008-12-23 11:48 . 2008-12-31 23:48 <DIR> d--hs---- c:\documents and settings\HP_Administrator\Searched
2008-12-22 18:01 . 2008-12-22 18:01 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Snapfish

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 20:13 --------- d-----w c:\program files\EA GAMES
2009-01-16 19:25 --------- d-----w c:\program files\Cooking Dash
2009-01-16 19:24 --------- d-----w c:\program files\Parking Dash
2009-01-16 19:24 --------- d-----w c:\program files\Janes Hotel
2009-01-16 19:23 --------- d-----w c:\program files\Ice Cream Mania
2009-01-16 19:23 --------- d-----w c:\program files\Home Sweet Home 2 Kitchens And Baths
2009-01-16 19:22 --------- d-----w c:\program files\Delicious 2 Deluxe
2009-01-16 07:32 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-12-31 04:00 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\LimeWire
2008-12-30 05:56 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-30 03:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-27 05:16 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-23 21:05 --------- d-----w c:\program files\FrostWire
2008-12-23 19:49 --------- d-----w c:\program files\LimeWire
2008-12-17 15:26 --------- d-----w c:\program files\Norton PC Checkup
2008-11-25 19:57 --------- d-----w c:\program files\Full Tilt Poker
2008-11-21 13:11 --------- d-----w c:\program files\Operation Mania
2008-11-20 04:55 2,770 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-07-11 05:29 0 ----a-w c:\documents and settings\Trina\Application Data\wklnhst.dat
2007-10-07 20:44 110 -c----w c:\documents and settings\All Users\Application Data\MostFunGameId.bin
2008-12-22 20:34 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-22 20:34 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-22 20:34 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-22 20:34 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-22 20:34 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2004-08-10 12:00 73,728 -csha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_ 9.12.52.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-17 07:50:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-01 126976]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Startup Manager Scanner"="c:\program files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-31 78416]
R4 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-31 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-15 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 07:26]

2009-01-03 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 07:26]

2005-06-03 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 23:26]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\rcxl7ew3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 23:51:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-01-16 23:56:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-17 07:56:01
ComboFix2.txt 2009-01-16 07:55:48
ComboFix3.txt 2009-01-15 17:14:51

Pre-Run: 107,850,133,504 bytes free
Post-Run: 107,838,799,872 bytes free

168 --- E O F --- 2008-12-20 08:02:46





HiJackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:46 PM, on 1/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6774 bytes
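An added example (not part of the original post and not HijackThis code): a small Python parser for the log format above. It groups entries by section code and pulls out the files named by the autostart entries (O4, O20, O23), which are the ones reviewed first when checking what loads at boot or logon. The sample lines are copied from the log above; the function names are hypothetical.

```python
import re

# Meaning of the section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context menu item", "O9": "IE extra button / Tools item",
    "O16": "ActiveX download (DPF)", "O20": "AppInit_DLLs", "O23": "NT service",
}
AUTOSTART = ("O4", "O20", "O23")  # entries that load code at boot or logon
ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")

# Sample input: lines copied from the log above.
SAMPLE = r"""Running processes:
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com/
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6774 bytes
"""

def entries(text):
    """Yield (code, rest) for every entry line; process paths and footers are skipped."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def parse_log(text):
    """Group entry lines by section code, keeping file order inside each group."""
    groups = {}
    for code, rest in entries(text):
        groups.setdefault(code, []).append(rest)
    return groups

def target(code, rest):
    """Return the file an autostart entry points at."""
    if code == "O23":                      # "Service: name - vendor - path"
        return rest.rsplit(" - ", 1)[-1]
    if code == "O20":                      # "AppInit_DLLs: file.dll"
        return rest.split(": ", 1)[-1]
    return re.split(r"\] | = ", rest, maxsplit=1)[-1]  # O4: "[name] path" or "x.lnk = path"

def autostart_targets(text):
    """List (code, file) for every boot/logon entry, in file order."""
    return [(c, target(c, r)) for c, r in entries(text) if c in AUTOSTART]

if __name__ == "__main__":
    for code, items in parse_log(SAMPLE).items():
        print(f"{code:4} {SECTIONS.get(code, 'unknown'):40} {len(items)}")
    for code, path in autostart_targets(SAMPLE):
        print(code, path)
```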

#10 fenzodahl512


Posted 17 January 2009 - 03:08 AM

Looks a lot better... Let's do an online scan to see what we might miss..


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 jay521


Posted 17 January 2009 - 03:02 PM

I'm sorry but I cannot run any online scans. The computer has no internet. The way I have been replying back was from my laptop and transferring the logs and programs from a data chip.

#12 fenzodahl512


Posted 17 January 2009 - 03:53 PM

I'm sorry but I cannot run any online scans. The computer has no internet. The way I have been replying back was from my laptop and transferring the logs and programs from a data chip.



Err... does the computer really not have an internet connection, or is something preventing the internet connection on that computer? :thumbsup:



#13 jay521


Posted 18 January 2009 - 04:14 AM

Supposedly the computer has internet, but whenever I hook up the ethernet cable it says it can't find a connection. Then it says it tries to renew the IP address but it fails at the end. I can't seem to find the problem.

#14 fenzodahl512


Posted 18 January 2009 - 06:04 AM

Uh, not sure about that.. Let's try this...

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
For detailed instructions on how to back up the registry via ERUNT, please visit HERE



Please download WinsockXPFix from HERE.
  • Double-click on WinsockXPFix and click on Fix
It will ask you to restart your computer in an attempt to fix the internet connection. Please do so..



Did you get your internet connection back? :thumbsup:



#15 jay521


Posted 20 January 2009 - 03:11 PM

I'm sorry if I am taking a long time to reply back. I haven't been at my auntie's house for a while, I'll probably visit today so I can give you a reply back. Once again, thank you so much for your time and advice. It is greatly appreciated. Thank you.



