
Virtumonde, jonotama, malaruwo, virus


  • This topic is locked
27 replies to this topic

#1 Razz1

Razz1

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:44 PM

Posted 15 April 2009 - 11:36 PM

I'd like to thank you in advance.

I have Eset, and Virtumonde gets quarantined, but I still have the re-direct problem.
It started out as C:\WINDOWS\system32\udayihis.tmp Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

Now the name is changing to etabatal, etc.

Anyhow, I have jonotama.dll.

I'm going to do a lot of reading on the forum to learn. In the meantime, if I could be helped to eliminate this and any other virus, it would be great.

It appears that malaruwo.exe is also a virus.

My Eset log says the different registry keys keep getting restored.



DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Administrator at 20:53:59.31 on Wed 04/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1270 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp\OTListIt2.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\temp\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {64d0ffc8-c37a-48e4-a128-9e38886e4e5a} - No File
BHO: {753eec53-e1d8-4f87-8293-bd90c72a2ff0} - c:\windows\system32\peyumupo.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [bakikorako] Rundll32.exe "c:\windows\system32\yuwelete.dll",s
mRun: [0c0a95e8] rundll32.exe "c:\windows\system32\latabaye.dll",b
mRun: [CPM0f39a674] Rundll32.exe "c:\windows\system32\lazogiya.dll",a
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\MSOFFICE.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - c:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233788543295
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
AppInit_DLLs: c:\windows\system32\mozifihi.dll c:\windows\system32\varayihe.dll c:\windows\system32\lazogiya.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lazogiya.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\lazogiya.dll
LSA: Notification Packages = scecli c:\windows\system32\varayihe.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-3-13 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-3-13 472320]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-2-10 2560]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2007-1-10 82048]
R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2007-1-10 468768]
S3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0;c:\windows\system32\drivers\libusb0.sys [2008-7-25 33792]

=============== Created Last 30 ================

2009-04-15 20:53 360,002 a------- c:\temp\dds.scr
2009-04-15 19:58 501,248 a------- c:\temp\OTListIt2.exe
2009-04-13 12:45 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-04-13 11:13 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{6F6DBADD-35E9-42D7-82C1-1F65F2F31141}
2009-04-02 10:25 53,511 a------- c:\temp\hotfixes_vv214b.zip
2009-03-21 19:07 2,723,264 a------- c:\temp\vcredist_x86.exe
2009-03-21 18:05 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-21 18:04 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-21 18:04 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-21 18:04 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-21 18:04 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-21 18:04 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-21 18:04 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-21 18:04 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-21 16:12 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-03-21 16:12 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-03-21 16:12 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-03-21 16:12 <DIR> --d----- c:\windows\system32\xlive
2009-03-21 16:12 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-03-21 16:03 <DIR> --d----- c:\temp\save games
2009-03-21 15:01 78,559,776 a------- c:\temp\directx_jun2008_redist.exe
2009-03-21 14:36 4,139,012 a------- c:\temp\vv_21.exe
2009-03-21 14:32 <DIR> --d----- c:\temp\GamersGate temporary files
2009-03-21 14:30 66,560 a------- c:\temp\Europa_Universalis_Rome_Vae_Victis.exe

==================== Find3M ====================

2009-04-15 19:04 3,577 a--sh--- c:\windows\system32\mmf.sys
2009-04-15 18:39 108,032 a--sh--- c:\windows\system32\lazogiya.dll
2009-04-15 18:39 100,352 a--sh--- c:\windows\system32\latabaye.dll
2009-04-15 06:40 108,544 a--sh--- c:\windows\system32\hafurive.dll
2009-04-15 06:40 99,840 -------- c:\windows\system32\hamehalu.dll
2009-04-14 10:56 70,656 a--sh--- c:\windows\system32\gasowihu.dll
2009-04-14 10:55 109,056 a--sh--- c:\windows\system32\polekove.dll
2009-04-13 23:35 210,392 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-04-13 22:55 107,008 a--sh--- c:\windows\system32\salugula.dll
2009-04-13 22:55 63,488 a--sh--- c:\windows\system32\yinazeku.exe
2009-04-13 10:55 109,568 a--sh--- c:\windows\system32\wukoraga.dll
2009-04-13 10:55 63,488 a--sh--- c:\windows\system32\malaruwo.exe
2009-04-12 22:55 108,544 a--sh--- c:\windows\system32\kobitaka.dll
2009-04-12 22:55 62,976 a--sh--- c:\windows\system32\jawepuwa.exe
2009-04-12 10:56 110,080 a--sh--- c:\windows\system32\jonotama.dll
2009-04-10 21:10 71,168 a--sh--- c:\windows\system32\wafiguvu.dll
2009-04-10 21:09 100,864 -------- c:\windows\system32\sihiyadu.dll
2009-04-10 21:09 110,592 a--sh--- c:\windows\system32\hudivika.dll
2009-04-10 21:09 61,952 a--sh--- c:\windows\system32\raseloka.exe
2009-04-10 09:09 64,512 a--sh--- c:\windows\system32\kisafigu.exe
2009-04-10 09:09 101,888 -------- c:\windows\system32\lenisako.dll
2009-02-10 09:49 48,640 a------- c:\windows\mmfs.dll
2009-02-10 09:49 2,560 a------- c:\windows\Runservice.exe
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-05 15:04 8,521 a------- c:\windows\extend.dat
2009-02-04 21:50 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-02-04 20:34 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-04 18:25 122,746 a------- c:\windows\HPHins11.dat
2009-02-04 16:20 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-22 17:00 476 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-10-18 21:43 14,100 a------- c:\docume~1\hp_adm~1\applic~1\acyzevibuh.sys
2008-10-18 21:43 13,018 a------- c:\program files\common files\yryrovy.com
2008-10-18 21:43 12,101 a------- c:\docume~1\alluse~1\applic~1\ykazaniv.pif
2008-10-18 21:43 10,176 a------- c:\docume~1\hp_adm~1\applic~1\piryb.vbs
2008-10-18 21:43 13,424 a------- c:\docume~1\hp_adm~1\applic~1\kehyj.exe
2008-10-17 21:06 18,320 a------- c:\docume~1\alluse~1\applic~1\zygumak.pif
2008-10-17 21:06 17,245 a------- c:\program files\common files\urepewow.inf
2008-10-17 21:06 16,520 a------- c:\program files\common files\umyrys.lib
2008-10-17 21:06 15,930 a------- c:\program files\common files\efycucis.bin
2008-10-17 21:06 13,981 a------- c:\docume~1\alluse~1\applic~1\abyruwu.com
2008-10-17 21:06 12,930 a------- c:\docume~1\alluse~1\applic~1\zogojehedy.dll
2008-10-17 21:06 12,279 a------- c:\docume~1\hp_adm~1\applic~1\jafudobek.reg
2009-01-14 10:56 70,656 a--sh--- c:\windows\system32\peyumupo.dll
2009-01-14 10:56 70,656 a--sh--- c:\windows\system32\varayihe.dll
2009-01-14 10:56 70,656 a--sh--- c:\windows\system32\yuwelete.dll

============= FINISH: 20:55:13.40 ===============
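
Added here as a worked example (not part of the thread, and not a BleepingComputer, DDS or ESET tool): a small Python triage script that applies, over a constructed sample of lines in the DDS format above, the checks a helper makes by eye on such a log: rundll32 Run entries with one-letter exports, a populated AppInit_DLLs, SSODL/STS and LSA Notification Package load points, and hidden+system files with random 8-letter names. The sample lines, the naming heuristic and the "scecli is the only default package" assumption are mine.

```python
"""Triage of DDS-style log lines for Vundo/Virtumonde persistence traits.

Added example, not a BleepingComputer tool. Heuristics (assumptions):
  * Run entries launching rundll32 with a one-letter export (",s" / ",a"),
  * any value in AppInit_DLLs (empty on a clean Windows XP system),
  * SSODL / STS entries and LSA Notification Packages beyond "scecli",
  * hidden+system files in system32 with random 8-letter names ("a--sh---").
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LOADPOINT_RE = re.compile(r"^(mRun|uRun|AppInit_DLLs|SSODL|STS|LSA):\s*(.*)$")
# "Find3M" / "Created Last 30" rows: date time size attrs path
FIND3M_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+|<DIR>) ([a-z-]{8}) (.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?,(\w+)', re.I)
SYS32_RE = re.compile(r"c:\\windows\\system32\\[a-z0-9_.]+", re.I)
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.(dll|exe)$")
LSA_DEFAULT = {"scecli"}  # assumption: only default Notification Package on XP


@dataclass(frozen=True)
class Finding:
    kind: str    # run | appinit | ssodl | sts | lsa | file
    path: str    # normalised (lower-case) path
    reason: str


def random_basename(path: str) -> bool:
    """True for the 8-lowercase-letter .dll/.exe names seen in the thread."""
    return bool(RANDOM_NAME_RE.match(path.rsplit("\\", 1)[-1].lower()))


def triage_loadpoint(key: str, value: str) -> list[Finding]:
    """Inspect one Pseudo-HJT line (the text after 'key:')."""
    found: list[Finding] = []
    if key in ("mRun", "uRun"):
        m = RUNDLL_RE.search(value)
        if m and len(m.group(2)) == 1:
            found.append(Finding("run", m.group(1).lower(),
                                 "rundll32 loads a DLL via a one-letter export"))
    elif key == "AppInit_DLLs":
        for dll in value.split():
            found.append(Finding("appinit", dll.lower(),
                                 "AppInit_DLLs is empty on a clean XP system"))
    elif key in ("SSODL", "STS"):
        m = SYS32_RE.search(value)
        if m and random_basename(m.group(0)):
            found.append(Finding(key.lower(), m.group(0).lower(),
                                 f"{key} loads a randomly named DLL"))
    elif key == "LSA":
        for pkg in value.partition("=")[2].split():
            if pkg.lower() not in LSA_DEFAULT:
                found.append(Finding("lsa", pkg.lower(),
                                     "non-default LSA Notification Package"))
    return found


def triage_file(date: str, _t: str, _sz: str, attrs: str, path: str) -> Finding | None:
    """Flag hidden+system files with random names, as in the Find3M section."""
    if "h" in attrs and "s" in attrs and random_basename(path):
        return Finding("file", path.lower(),
                       f"hidden+system ({attrs}) random name, modified {date}")
    return None


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := LOADPOINT_RE.match(line):
            findings.extend(triage_loadpoint(m.group(1), m.group(2)))
        elif m := FIND3M_RE.match(line):
            if f := triage_file(*m.groups()):
                findings.append(f)
    return findings


def corroborated(findings: list[Finding]) -> set[str]:
    """Paths named by a load point AND present on disk as hidden+system files."""
    loaded = {f.path for f in findings if f.kind != "file"}
    on_disk = {f.path for f in findings if f.kind == "file"}
    return loaded & on_disk


# Constructed sample in the DDS format, with two benign Run entries as controls.
SAMPLE_DDS = r"""
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [bakikorako] Rundll32.exe "c:\windows\system32\yuwelete.dll",s
mRun: [CPM0f39a674] Rundll32.exe "c:\windows\system32\lazogiya.dll",a
AppInit_DLLs: c:\windows\system32\varayihe.dll c:\windows\system32\lazogiya.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lazogiya.dll
LSA: Notification Packages = scecli c:\windows\system32\varayihe.dll
2009-04-15 18:39 108,032 a--sh--- c:\windows\system32\lazogiya.dll
2009-04-15 06:40 99,840 -------- c:\windows\system32\hamehalu.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-14 10:56 70,656 a--sh--- c:\windows\system32\varayihe.dll
2009-04-13 11:13 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\{6F6DBADD-35E9-42D7-82C1-1F65F2F31141}
"""

if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in results:
        print(f"[{f.kind:7}] {f.path}  <- {f.reason}")
    print("corroborated:", sorted(corroborated(results)))
```

Feed it a whole DDS log to get the same list the MBAM scan later confirms; the corroborated set (load point plus hidden file) is the strongest signal, the other findings are leads to check.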


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 16 April 2009 - 12:18 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it, then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Razz1

Razz1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:44 PM

Posted 16 April 2009 - 01:44 PM

Malwarebytes' Anti-Malware 1.36
Database version: 1989
Windows 5.1.2600 Service Pack 3

4/16/2009 11:42:47 AM
mbam-log-2009-04-16 (11-42-47).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 308141
Time elapsed: 1 hour(s), 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 7
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 25
Files Infected: 38

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\varayihe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\popiwoba.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\peyumupo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\puwaduvu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yuwelete.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lazogiya.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{753eec53-e1d8-4f87-8293-bd90c72a2ff0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{753eec53-e1d8-4f87-8293-bd90c72a2ff0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{753eec53-e1d8-4f87-8293-bd90c72a2ff0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bakikorako (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0c0a95e8 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm0f39a674 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\varayihe.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\varayihe.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\puwaduvu.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Facegame (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Gool (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\yuwelete.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\popiwoba.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\puwaduvu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\peyumupo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\varayihe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.MSAntispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\SpeedRunner\SRUninstall.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\htmlayout.dll (Rogue.AntivirusPro2009) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\iCheck.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gasowihu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\0020B77D.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator\register.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator\zbucks.dat (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\dictame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetPack\trgtame.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\20090131075047609.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090130154714828.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090130155235250.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090130190710125.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090130193115625.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090131074803187.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\pthreadVC2.dll (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\XP_AntiSpyware\XP_Antispyware.cfg (Rogue.XPAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kobitaka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lazogiya.dll (Trojan.Vundo) -> Delete on reboot.

#4 Razz1

Razz1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:44 PM

Posted 16 April 2009 - 01:59 PM

RSIT log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-04-16 11:56:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 151 GB (83%) free of 182 GB
Total RAM: 2046 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:12 AM, on 4/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\temp\RSIT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64d0ffc8-c37a-48e4-a128-9e38886e4e5a} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [bakikorako] Rundll32.exe "C:\WINDOWS\system32\yuwelete.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bakikorako] Rundll32.exe "C:\WINDOWS\system32\yuwelete.dll",s (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233788543295
O20 - AppInit_DLLs: c:\windows\system32\mozifihi.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)

--
End of file - 9735 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2007-01-10 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2003-04-28 360448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"ftutil2"=ftutil2.dll,SetWriteCacheMode []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-20 7622656]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
""= []
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-28 221184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\mozifihi.dll "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Blitzkrieg\Run\game.exe"="D:\Program Files\Blitzkrieg\Run\game.exe:*:Enabled:Game"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-04-16 11:56:41 ----D---- C:\rsit
2009-04-16 11:56:41 ----D---- C:\Program Files\trend micro
2009-04-16 09:36:05 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-04-16 09:35:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-16 09:35:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-13 12:45:22 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2009-04-13 11:13:09 ----DC---- C:\Documents and Settings\All Users\Application Data\{6F6DBADD-35E9-42D7-82C1-1F65F2F31141}
2009-04-13 10:05:57 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-03-21 18:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-21 18:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-21 18:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-21 18:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-21 18:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-21 18:05:09 ----D---- C:\WINDOWS\system32\XPSViewer
2009-03-21 18:05:06 ----D---- C:\Program Files\MSBuild
2009-03-21 18:05:00 ----D---- C:\Program Files\Reference Assemblies
2009-03-21 18:04:35 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-03-21 18:04:35 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-03-21 18:04:35 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-03-21 16:12:27 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-03-21 16:12:27 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-03-21 16:12:25 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-03-21 16:12:16 ----D---- C:\WINDOWS\system32\xlive
2009-03-21 16:12:15 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-03-18 11:34:47 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-03-18 11:34:45 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-03-18 11:34:45 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-03-18 11:34:44 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-03-18 11:34:42 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-03-18 11:34:40 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-03-18 11:34:40 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-03-18 11:34:39 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-03-18 11:34:38 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-03-18 11:34:38 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-03-18 11:34:36 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-03-18 11:34:36 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-03-18 11:34:35 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-03-18 11:34:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-03-18 11:34:32 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-03-18 11:34:30 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-03-18 11:34:30 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-03-18 11:34:27 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-03-18 11:34:27 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-03-18 11:34:27 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-03-18 11:34:25 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-03-18 11:34:25 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-03-18 11:34:25 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-03-18 11:34:20 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-03-18 11:34:18 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-03-18 11:34:18 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-03-18 11:34:17 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-03-15 21:28:51 ----RA---- C:\WINDOWS\system32\SMACKW32.DLL
2009-03-15 21:28:51 ----RA---- C:\WINDOWS\system32\DWSW32.DLL
2009-03-15 21:28:51 ----A---- C:\WINDOWS\system32\WINGDE.DLL
2009-03-15 21:28:51 ----A---- C:\WINDOWS\system32\wing32.dll
2009-03-15 21:28:51 ----A---- C:\WINDOWS\system32\WING.DLL
2009-02-10 09:49:20 ----A---- C:\WINDOWS\Runservice.exe
2009-02-10 09:49:20 ----A---- C:\WINDOWS\mmfs.dll
2009-02-10 09:44:59 ----D---- C:\Program Files\Conduit
2009-02-10 09:44:59 ----D---- C:\Program Files\Battlefront.com
2009-02-06 14:33:29 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-02-06 14:33:28 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-02-04 23:56:05 ----D---- C:\Program Files\AccessPORT
2009-02-04 21:50:10 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-02-04 21:24:53 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-02-04 21:05:13 ----D---- C:\Program Files\directx
2009-02-04 20:49:26 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-02-04 20:34:52 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-04 20:27:08 ----D---- C:\WINDOWS\system32\appmgmt
2009-02-04 19:42:27 ----D---- C:\WINDOWS\SendTo
2009-02-04 19:27:19 ----A---- C:\WINDOWS\exchng.ini
2009-02-04 19:26:36 ----D---- C:\WINDOWS\forms
2009-02-04 19:26:34 ----D---- C:\Program Files\Windows Messaging
2009-02-04 18:27:27 ----A---- C:\WINDOWS\system32\CNMVS56.DLL
2009-02-04 18:27:27 ----A---- C:\WINDOWS\system32\CNMLM56.DLL
2009-02-04 18:27:26 ----RA---- C:\WINDOWS\system32\CNMCP56.exe
2009-02-04 18:05:07 ----A---- C:\WINDOWS\system32\LuResult.txt
2009-02-04 17:40:24 ----RA---- C:\WINDOWS\system32\HPZIDS01.dll
2009-02-04 17:40:22 ----A---- C:\WINDOWS\system32\hpz3l463.dll
2009-02-04 17:36:23 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-02-04 17:36:23 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-02-04 17:36:23 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-02-04 17:36:23 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-02-04 17:36:23 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-02-04 16:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-04 16:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-04 16:56:33 ----HDC---- C:\WINDOWS\ie7
2009-02-04 16:24:16 ----D---- C:\WINDOWS\Prefetch
2009-02-04 16:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-04 16:15:35 ----D---- C:\WINDOWS\system32\scripting
2009-02-04 16:15:35 ----D---- C:\WINDOWS\system32\en-us
2009-02-04 16:15:34 ----D---- C:\WINDOWS\system32\en
2009-02-04 16:15:34 ----D---- C:\WINDOWS\system32\bits
2009-02-04 16:15:34 ----D---- C:\WINDOWS\l2schemas
2009-02-04 16:14:16 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-04 16:11:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-04 16:07:58 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-02-04 16:07:56 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-02-04 16:07:53 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-02-04 16:07:52 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-02-04 16:07:52 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-02-04 16:07:44 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-02-04 16:07:44 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-02-04 16:07:44 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-02-04 16:07:37 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-02-04 16:07:36 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-02-04 16:07:35 ----N---- C:\WINDOWS\system32\slserv.exe
2009-02-04 16:07:35 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-02-04 16:07:35 ----N---- C:\WINDOWS\system32\slgen.dll
2009-02-04 16:07:35 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-02-04 16:07:35 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-02-04 16:07:35 ----N---- C:\WINDOWS\slrundll.exe
2009-02-04 16:07:32 ----N---- C:\WINDOWS\system32\setupn.exe
2009-02-04 16:07:30 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-02-04 16:07:29 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-02-04 16:07:27 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-02-04 16:07:26 ----N---- C:\WINDOWS\system32\qutil.dll
2009-02-04 16:07:25 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-02-04 16:07:25 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-02-04 16:07:25 ----N---- C:\WINDOWS\system32\qagent.dll
2009-02-04 16:07:24 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-02-04 16:07:22 ----N---- C:\WINDOWS\system32\onex.dll
2009-02-04 16:07:13 ----N---- C:\WINDOWS\system32\napstat.exe
2009-02-04 16:07:13 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-02-04 16:07:13 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-02-04 16:07:12 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-02-04 16:07:12 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-02-04 16:07:11 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-02-04 16:07:10 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-02-04 16:07:10 ----N---- C:\WINDOWS\system32\mssha.dll
2009-02-04 16:06:58 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-02-04 16:06:57 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-02-04 16:06:57 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-02-04 16:06:57 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-02-04 16:06:55 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-02-04 16:06:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-02-04 16:06:47 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-02-04 16:06:46 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-02-04 16:06:46 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-02-04 16:06:46 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-02-04 16:06:46 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-02-04 16:06:38 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-02-04 16:06:38 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-02-04 16:06:34 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-02-04 16:06:30 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-02-04 16:06:24 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-02-04 16:06:24 ----A---- C:\WINDOWS\003093_.tmp
2009-02-04 16:06:23 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-02-04 16:06:18 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-02-04 16:06:18 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-02-04 16:06:17 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-02-04 16:06:14 ----N---- C:\WINDOWS\system32\credssp.dll
2009-02-04 16:06:09 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-02-04 16:06:09 ----N---- C:\WINDOWS\system32\azroles.dll
2009-02-04 16:06:08 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-02-04 16:06:08 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-02-04 16:06:07 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-02-04 16:06:07 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-02-04 16:06:07 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-02-04 16:06:07 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-02-04 16:06:07 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-02-04 16:06:01 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-02-04 16:04:44 ----D---- C:\WINDOWS\system32\PreInstall
2009-02-04 16:04:14 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-02-04 16:02:57 ----A---- C:\WINDOWS\system32\wups2.dll
2009-02-04 16:02:57 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-02-04 16:02:57 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-02-04 16:02:57 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-02-04 16:02:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-04 15:26:10 ----SHD---- C:\cmdcons
2009-02-04 15:25:56 ----D---- C:\WINDOWS\setupupd
2009-02-04 15:25:17 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2009-02-04 15:22:13 ----ASH---- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
2009-02-04 15:22:06 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2009-02-04 15:22:06 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Real
2009-02-04 15:22:06 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2009-02-04 15:22:06 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2009-02-04 13:45:18 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-27 00:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-27 00:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-27 00:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-27 00:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-27 00:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-27 00:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-27 00:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-27 00:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-27 00:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-20 07:41:12 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2009-01-19 15:26:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Image Zone Express
2009-01-19 13:35:38 ----D---- C:\Documents and Settings\All Users\Application Data\HP

======List of files/folders modified in the last 3 months======

2009-04-16 11:56:41 ----D---- C:\Program Files
2009-04-16 11:54:15 ----D---- C:\temp
2009-04-16 11:53:41 ----AD---- C:\WINDOWS
2009-04-16 11:53:05 ----D---- C:\WINDOWS\Registration
2009-04-16 11:53:04 ----D---- C:\WINDOWS\Temp
2009-04-16 11:52:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-16 11:51:01 ----D---- C:\WINDOWS\system32\drivers
2009-04-16 11:51:01 ----D---- C:\WINDOWS\system32
2009-04-16 11:50:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-16 11:42:47 ----D---- C:\Program Files\Common
2009-04-15 21:52:22 ----D---- C:\WINDOWS\Help
2009-04-15 18:39:08 ----N---- C:\WINDOWS\system32\latabaye.dll
2009-04-15 14:34:58 ----D---- C:\Program Files\GameSpy Arcade
2009-04-15 06:40:10 ----N---- C:\WINDOWS\system32\hamehalu.dll
2009-04-15 06:40:10 ----ASH---- C:\WINDOWS\system32\hafurive.dll
2009-04-14 10:55:57 ----ASH---- C:\WINDOWS\system32\polekove.dll
2009-04-13 22:55:53 ----ASH---- C:\WINDOWS\system32\salugula.dll
2009-04-13 22:55:52 ----ASH---- C:\WINDOWS\system32\yinazeku.exe
2009-04-13 10:55:30 ----ASH---- C:\WINDOWS\system32\wukoraga.dll
2009-04-13 10:55:30 ----ASH---- C:\WINDOWS\system32\malaruwo.exe
2009-04-13 10:06:41 ----SHD---- C:\WINDOWS\Installer
2009-04-13 10:06:41 ----HD---- C:\Config.Msi
2009-04-13 10:05:58 ----D---- C:\WINDOWS\WinSxS
2009-04-12 22:55:06 ----ASH---- C:\WINDOWS\system32\jawepuwa.exe
2009-04-12 13:15:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-12 10:56:19 ----ASH---- C:\WINDOWS\system32\jonotama.dll
2009-04-10 21:10:25 ----ASH---- C:\WINDOWS\system32\wafiguvu.dll
2009-04-10 21:09:57 ----N---- C:\WINDOWS\system32\sihiyadu.dll
2009-04-10 21:09:56 ----ASH---- C:\WINDOWS\system32\hudivika.dll
2009-04-10 21:09:55 ----ASH---- C:\WINDOWS\system32\raseloka.exe
2009-04-10 09:09:47 ----ASH---- C:\WINDOWS\system32\kisafigu.exe
2009-04-10 09:09:45 ----N---- C:\WINDOWS\system32\lenisako.dll
2009-04-08 08:07:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-21 22:33:14 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-21 22:33:11 ----RSD---- C:\WINDOWS\assembly
2009-03-21 18:51:58 ----D---- C:\WINDOWS\system32\DirectX
2009-03-21 18:51:57 ----HD---- C:\WINDOWS\inf
2009-03-21 18:48:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-21 18:11:39 ----D---- C:\Program Files\Internet Explorer
2009-03-21 18:08:23 ----A---- C:\WINDOWS\imsins.BAK
2009-03-21 18:07:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-21 18:05:04 ----RSD---- C:\WINDOWS\Fonts
2009-03-21 18:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-03-18 11:39:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-18 11:38:51 ----D---- C:\WINDOWS\pchealth
2009-03-12 19:23:33 ----A---- C:\WINDOWS\win.ini
2009-02-18 21:43:55 ----AD---- C:\WINDOWS\CREATOR
2009-02-12 12:55:15 ----D---- C:\WINDOWS\system32\FxsTmp
2009-02-05 19:56:57 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-02-05 14:55:48 ----D---- C:\WINDOWS\system32\Macromed
2009-02-05 14:38:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-04 22:46:15 ----A---- C:\WINDOWS\Gary Grigsby's World at War A World Divided Setup Log.txt
2009-02-04 20:34:47 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-04 20:34:46 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-04 20:34:46 ----A---- C:\WINDOWS\system32\java.exe
2009-02-04 20:34:44 ----D---- C:\Program Files\Java
2009-02-04 19:42:31 ----D---- C:\WINDOWS\msapps
2009-02-04 19:42:31 ----D---- C:\Program Files\Microsoft Office
2009-02-04 19:42:21 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-04 19:42:21 ----A---- C:\WINDOWS\ODBC.INI
2009-02-04 19:34:37 ----D---- C:\WINDOWS\system
2009-02-04 18:24:43 ----D---- C:\Program Files\HP
2009-02-04 18:13:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-04 18:13:23 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-04 18:07:45 ----D---- C:\Program Files\Common Files
2009-02-04 18:04:47 ----SD---- C:\WINDOWS\Tasks
2009-02-04 17:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-04 16:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-04 16:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-04 16:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-02-04 16:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-04 16:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-04 16:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-04 16:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-04 16:58:51 ----D---- C:\Program Files\Messenger
2009-02-04 16:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-04 16:58:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-04 16:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-02-04 16:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-04 16:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-04 16:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-04 16:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-02-04 16:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-04 16:56:52 ----D---- C:\WINDOWS\system32\config
2009-02-04 16:56:49 ----D---- C:\WINDOWS\WBEM
2009-02-04 16:56:46 ----D---- C:\WINDOWS\Media
2009-02-04 16:46:26 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-02-04 16:29:53 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-04 16:28:03 ----HD---- C:\hp
2009-02-04 16:27:01 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-04 16:26:51 ----A---- C:\WINDOWS\setuplog.txt
2009-02-04 16:23:31 ----D---- C:\WINDOWS\system32\Setup
2009-02-04 16:23:30 ----D---- C:\WINDOWS\system32\wbem
2009-02-04 16:23:30 ----D---- C:\WINDOWS\AppPatch
2009-02-04 16:22:28 ----D---- C:\WINDOWS\security
2009-02-04 16:21:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-04 16:15:42 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-04 16:15:40 ----D---- C:\WINDOWS\network diagnostic
2009-02-04 16:15:40 ----D---- C:\WINDOWS\ime
2009-02-04 16:15:35 ----D---- C:\WINDOWS\system32\usmt
2009-02-04 16:15:34 ----D---- C:\WINDOWS\PeerNet
2009-02-04 16:15:34 ----D---- C:\Program Files\Movie Maker
2009-02-04 16:14:10 ----D---- C:\WINDOWS\system32\Restore
2009-02-04 16:14:10 ----D---- C:\WINDOWS\system32\npp
2009-02-04 16:14:10 ----D---- C:\WINDOWS\mui
2009-02-04 16:14:09 ----D---- C:\WINDOWS\msagent
2009-02-04 16:14:08 ----D---- C:\WINDOWS\srchasst
2009-02-04 16:14:07 ----D---- C:\WINDOWS\system32\Com
2009-02-04 16:14:07 ----D---- C:\Program Files\NetMeeting
2009-02-04 16:14:06 ----D---- C:\Program Files\Windows NT
2009-02-04 16:14:06 ----D---- C:\Program Files\Outlook Express
2009-02-04 16:14:04 ----D---- C:\Program Files\Common Files\System
2009-02-04 16:13:59 ----D---- C:\WINDOWS\system32\oobe
2009-02-04 16:11:30 ----AD---- C:\WINDOWS\ehome
2009-02-04 16:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-02-04 15:28:30 ----SHD---- C:\RECYCLER
2009-02-04 15:26:30 ----RASH---- C:\boot.ini
2009-02-04 15:26:10 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-02-04 15:24:40 ----AD---- C:\WINDOWS\system32\pcintro
2009-02-04 15:22:05 ----D---- C:\Documents and Settings
2009-02-04 15:20:09 ----RASH---- C:\BOOT.BAK
2009-02-04 15:17:44 ----A---- C:\WINDOWS\system.ini
2009-02-04 14:06:46 ----D---- C:\WINDOWS\I386
2009-02-04 14:04:35 ----RD---- C:\WINDOWS\Offline Web Pages
2009-02-04 14:04:34 ----RD---- C:\WINDOWS\Web
2009-02-04 13:18:04 ----SHD---- C:\System Volume Information
2009-02-04 13:16:44 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\HP
2009-02-04 12:32:17 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Netscape
2009-01-27 00:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2006-04-20 82048]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-09 9728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-20 3927136]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-05-16 229376]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-03-29 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-03-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-03-29 21568]
S3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [2008-02-18 33792]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-04 152984]
R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2009-02-10 2560]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-08-18 61440]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-20 155715]
S2 ELService;Intel® Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [2006-06-02 180224]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#5 Razz1

Razz1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 16 April 2009 - 02:02 PM

RIST info.txt

info.txt logfile of random's system information tool 1.06 2009-04-16 11:57:14

======Uninstall list======

-->"C:\Program Files\HP Games\Airstrike 2 Gulf Thunder\Uninstall.exe"
-->"C:\Program Files\HP Games\Alien Shooter\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AccessPORT Driver-->C:\Program Files\AccessPORT\AccessPORT Driver\uninst.exe
AccessPORT Manager 1-->C:\Program Files\AccessPORT Manager\uninst.exe
AccessPORT Updater 1.2.0.0-->C:\Program Files\AccessPORT\AccessPORT Updater\uninst.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
Blitzkrieg-->D:\PROGRA~1\BLITZK~1\UNINST~1\UNWISE.EXE D:\PROGRA~1\BLITZK~1\UNINST~1\INSTALL.LOG
Canon i860-->C:\WINDOWS\system32\CNMCP56.exe "-PRINTERNAMECanon i860" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i860 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i860 Installer\Inst2\cnmi0409.dll"
Canon PhotoRecord-->MsiExec.exe /X{14980FD9-5BAF-4AD1-8051-7F2E9BB13EEC}
Canon Utilities Easy-PhotoPrint-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ESET NOD32 Antivirus-->MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
Europa Universalis - Rome-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7FD14A8A-FBCC-4442-ACAC-A0E9EC223AED}\Setup.exe" -l0x9
Galactic Civilizations II - Gold Edition-->D:\GALATI~1\GalCiv2\GalCiv2\UNWISE.EXE D:\GALATI~1\GalCiv2\GalCiv2\INSTALL.LOG
Gary Grigsby's World at War A World Divided-->"C:\WINDOWS\Gary Grigsby's World at War A World Divided\uninstall.exe" "/U:D:\Gary Grigsby's World at War A World Divided\Uninstall\uninstall.xml"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}\setup\hpzscr01.exe -datfile hphscr11.dat -showdisconnect -forcereboot
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® Quick Resume Technology Drivers-->C:\WINDOWS\System32\Elusetup.exe
Intel® Viiv™ Software-->MsiExec.exe /X{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office Standard Edition 2003 60 days trial-->c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Soldiers At War-->C:\WINDOWS\IsUninst.exe -fd:\SoldiersatWar\Uninst.isu
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Stardock Central-->C:\PROGRA~1\Stardock\SDCENT~1\UNWISE.EXE C:\PROGRA~1\Stardock\SDCENT~1\INSTALL.LOG
Strategic Command 2 Blitzkrieg-->"D:\Strategic Command 2 Blitzkrieg\unins000.exe"
Strategic Command 2 Weapons and Warfare Expansion-->"D:\Strategic Command 2 Blitzkrieg\Strategic Command 2 Weapons and Warfare Expansion\unins000.exe"
Sudden Strike - Resource War-->D:\PROGRA~1\SUDDEN~2\UNINST~1\UNWISE.EXE D:\PROGRA~1\SUDDEN~2\UNINST~1\INSTALL.LOG
Sudden Strike II-->D:\PROGRA~1\SUDDEN~3\UNINST~1\UNWISE.EXE D:\PROGRA~1\SUDDEN~3\UNINST~1\INSTALL.LOG
The Sims™ 2 Double Deluxe-->D:\Sims2\EAUninstall.exe
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Vae Victis 2.0-->"D:\EU-ROME\unins000.exe"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

Hosts File Missing
======Security center information======

AV: ESET NOD32 Antivirus 3.0

======System event log======

Computer Name: RAZZ
Event Code: 7000
Message: The Pml Driver HPZ12 service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 29013
Source Name: Service Control Manager
Time Written: 20090415152406.000000-420
Event Type: error
User:

Computer Name: RAZZ
Event Code: 7000
Message: The Pml Driver HPZ12 service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 29012
Source Name: Service Control Manager
Time Written: 20090415152406.000000-420
Event Type: error
User:

Computer Name: RAZZ
Event Code: 7000
Message: The Pml Driver HPZ12 service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 29011
Source Name: Service Control Manager
Time Written: 20090415152316.000000-420
Event Type: error
User:

Computer Name: RAZZ
Event Code: 7000
Message: The Pml Driver HPZ12 service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 29010
Source Name: Service Control Manager
Time Written: 20090415152231.000000-420
Event Type: error
User:

Computer Name: RAZZ
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 29009
Source Name: W32Time
Time Written: 20090410231330.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: RAZZ
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 40
Source Name: WinMgmt
Time Written: 20090204152535.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RAZZ
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 39
Source Name: WinMgmt
Time Written: 20090204152535.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RAZZ
Event Code: 1
Message: Service registration successful.

Record Number: 38
Source Name: Media Center Receiver
Time Written: 20090204152511.000000-480
Event Type:
User:

Computer Name: RAZZ
Event Code: 1517
Message: Windows saved user RAZZ\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 28
Source Name: Userenv
Time Written: 20090204152205.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RAZZ
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 27
Source Name: WinMgmt
Time Written: 20090204151601.000000-480
Event Type: warning
User: RAZZ\HP_Administrator

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

#6 Razz1

Razz1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 16 April 2009 - 07:07 PM

Here we go GMER test

Attached Files



#7 Razz1

Razz1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:44 PM

Posted 16 April 2009 - 08:27 PM

Let me know when I can delete all those files in quarantine by Anti-Malware

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:10:44 AM

Posted 16 April 2009 - 09:52 PM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-19\..\Run: [bakikorako] Rundll32.exe "C:\WINDOWS\system32\yuwelete.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [bakikorako] Rundll32.exe "C:\WINDOWS\system32\yuwelete.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\mozifihi.dll


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\yuwelete.dll
    c:\windows\system32\mozifihi.dll 
    C:\WINDOWS\system32\latabaye.dll
    C:\WINDOWS\system32\hamehalu.dll
    C:\WINDOWS\system32\hafurive.dll
    C:\WINDOWS\system32\polekove.dll
    C:\WINDOWS\system32\salugula.dll
    C:\WINDOWS\system32\yinazeku.exe
    C:\WINDOWS\system32\wukoraga.dll
    C:\WINDOWS\system32\malaruwo.exe
    C:\WINDOWS\system32\jawepuwa.exe
    C:\WINDOWS\system32\jonotama.dll
    C:\WINDOWS\system32\wafiguvu.dll
    C:\WINDOWS\system32\sihiyadu.dll
    C:\WINDOWS\system32\hudivika.dll
    C:\WINDOWS\system32\raseloka.exe
    C:\WINDOWS\system32\kisafigu.exe
    C:\WINDOWS\system32\lenisako.dll
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
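The entries fenzodahl512 is fixing in this post (the O4 Rundll32 lines and the O20 AppInit_DLLs value) and the O21/O22 SSODL and SharedTaskScheduler hooks that still point at hudivika.dll in the RSIT log posted later share one tell: an eight-lowercase-letter file name under system32 attached to a persistence point. As an added example, not part of this thread and not code from HijackThis, RSIT or OTMoveIt, here is a small Python checker that parses HijackThis-style lines and flags that pattern. The sample lines are constructed from the entries quoted in this thread with a few benign entries for contrast, and the name pattern, the section handling and the reasons are assumptions of this example rather than any tool's own rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample HijackThis-style lines, constructed for this example from the O4/O20/O21/O22
# entries quoted in this thread, with three benign entries (ehTray, NvCpl, ESET) added.
SAMPLE_HJT_LINES = [
    r'O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [CPM0f39a674] Rundll32.exe "C:\WINDOWS\system32\hudivika.dll",a',
    r'''O4 - HKUS\S-1-5-19\..\Run: [bakikorako] Rundll32.exe "C:\WINDOWS\system32\yuwelete.dll",s (User 'LOCAL SERVICE')''',
    r'O20 - AppInit_DLLs: c:\windows\system32\mozifihi.dll',
    r'O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hudivika.dll (file missing)',
    r'O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hudivika.dll (file missing)',
    r'O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe',
]

# Assumed heuristic: eight lowercase letters plus .dll/.exe directly under system32, which is
# the naming pattern of every Virtumonde file listed in this thread (yuwelete, mozifihi, ...).
RANDOM_NAME = re.compile(r'[Ss]ystem32\\([a-z]{8}\.(?:dll|exe))\b')
# "O4 - body" / "R1 - body": a section code, a dash, then the entry body.
HJT_LINE = re.compile(r'^([A-Z]\d+)\s+-\s+(.*)$')
RUNDLL32 = re.compile(r'rundll32(?:\.exe)?\s', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. O4, O20
    reason: str    # why the entry was flagged
    target: str    # file name (or raw value) the load point refers to
    line: str      # the original log line


def parse_hjt_line(line: str) -> Optional[Tuple[str, str]]:
    """Split 'O4 - body' into (section, body); return None for non-entry lines."""
    m = HJT_LINE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def assess_entry(line: str) -> Optional[Finding]:
    """Return a Finding for one suspicious line, or None for a benign/unparseable line."""
    parsed = parse_hjt_line(line)
    if parsed is None:
        return None
    section, body = parsed
    rnd = RANDOM_NAME.search(body)
    target = rnd.group(1) if rnd else ''
    missing = '(file missing)' in body

    if section == 'O20' and body.startswith('AppInit_DLLs:'):
        value = body.split(':', 1)[1].strip()
        if value:
            # AppInit_DLLs is injected into every process that loads user32.dll; a clean
            # XP install normally leaves it empty, so any value is worth a look.
            return Finding(section, 'AppInit_DLLs is set', target or value, line)
    if section == 'O4' and rnd and RUNDLL32.search(body):
        return Finding(section, 'Rundll32 autostart loads a random-named system32 DLL', target, line)
    if section in ('O21', 'O22') and (rnd or missing):
        reason = 'shell load point (SSODL/STS) references a random-named DLL'
        if missing:
            # The DLL was already removed, but the registry hook that loaded it survived.
            reason += '; the file is gone but the registry hook remains'
        return Finding(section, reason, target or body, line)
    if rnd:
        return Finding(section, 'random-named file under system32', target, line)
    return None


def scan_hjt(lines: List[str]) -> List[Finding]:
    """Run assess_entry over a whole log and keep only the flagged entries."""
    return [f for f in map(assess_entry, lines) if f is not None]


def flagged_files(findings: List[Finding]) -> set:
    """Distinct file names referenced by the findings, lower-cased for comparison."""
    return {f.target.lower() for f in findings}


if __name__ == '__main__':
    for f in scan_hjt(SAMPLE_HJT_LINES):
        print(f'{f.section}: {f.reason} -> {f.target}')
```

Run against the sample lines, the checker leaves the ehTray, NvCpl and ESET entries alone and reports five findings covering hudivika.dll, yuwelete.dll and mozifihi.dll; the two O21/O22 findings carry the "hook remains" note, which is the same condition the "(file missing)" markers in the later RSIT log describe.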


#9 Razz1

Razz1
  • Topic Starter

  • Members
  • 19 posts

Posted 17 April 2009 - 09:58 AM

I got access violation at 77124839

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 17 April 2009 - 10:05 AM

I got access violation at 77124839


When do you get that error?.. Post me the full details of the error please..



#11 Razz1

Razz1
  • Topic Starter

  • Members
  • 19 posts

Posted 17 April 2009 - 10:46 AM

I get that after I click on Move it. I believe I had Anti-Malware and Iexplore open.

So I re-ran OT3 after reboot, same error; on the third try it seems to have worked because I closed down Internet Explorer.
It appears the script worked partially on both reboots and finally ran the full script after no applications were open. You be the judge.
Two more things to look at:

1) Both re-boots came up with: error loading windows/system32/hudivka.dll
module not found

There are two other moved folders besides this one; neither of those folders has a text file. They list DLLs that were removed. This is the only text log available.
2) Check text log


Error: Unable to interpret <processes> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\yuwelete.dll not found.
File/Folder c:\windows\system32\mozifihi.dll not found.
File/Folder C:\WINDOWS\system32\latabaye.dll not found.
File/Folder C:\WINDOWS\system32\hamehalu.dll not found.
File/Folder C:\WINDOWS\system32\hafurive.dll not found.
File/Folder C:\WINDOWS\system32\polekove.dll not found.
File/Folder C:\WINDOWS\system32\salugula.dll not found.
File/Folder C:\WINDOWS\system32\yinazeku.exe not found.
File/Folder C:\WINDOWS\system32\wukoraga.dll not found.
File/Folder C:\WINDOWS\system32\malaruwo.exe not found.
File/Folder C:\WINDOWS\system32\jawepuwa.exe not found.
File/Folder C:\WINDOWS\system32\jonotama.dll not found.
File/Folder C:\WINDOWS\system32\wafiguvu.dll not found.
File/Folder C:\WINDOWS\system32\sihiyadu.dll not found.
File/Folder C:\WINDOWS\system32\hudivika.dll not found.
File/Folder C:\WINDOWS\system32\raseloka.exe not found.
File/Folder C:\WINDOWS\system32\kisafigu.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\lenisako.dll
C:\WINDOWS\system32\lenisako.dll NOT unregistered.
C:\WINDOWS\system32\lenisako.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64d0ffc8-c37a-48e4-a128-9e38886e4e5a}\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\Ѕymantec moved successfully.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_64c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04172009_080855

Files moved on Reboot...
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_64c.dat not found!

Edited by Razz1, 17 April 2009 - 10:47 AM.


#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 17 April 2009 - 10:57 AM

Please run RSIT again and post the log here for my review



#13 Razz1

Razz1
  • Topic Starter

  • Members
  • 19 posts

Posted 17 April 2009 - 11:03 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-04-17 09:02:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 151 GB (83%) free of 182 GB
Total RAM: 2046 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:32 AM, on 4/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\temp\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [CPM0f39a674] Rundll32.exe "C:\WINDOWS\system32\hudivika.dll",a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1233788543295
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hudivika.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hudivika.dll (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\system32\HPZipm12.exe (file missing)

--
End of file - 9690 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2007-01-10 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-26 438848]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2003-04-28 360448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"ftutil2"=ftutil2.dll,SetWriteCacheMode []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-20 7622656]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
""= []
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-28 221184]
"CPM0f39a674"=C:\WINDOWS\system32\hudivika.dll,a []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hudivika.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\hudivika.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Blitzkrieg\Run\game.exe"="D:\Program Files\Blitzkrieg\Run\game.exe:*:Enabled:Game"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02163d11-f309-11dd-8f34-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02163d13-f309-11dd-8f34-806d6172696f}]
shell\AutoRun\command - F:\Autorun.exe


======List of files/folders created in the last 3 months======

2009-04-17 07:54:35 ----D---- C:\_OTMoveIt
2009-04-16 22:46:58 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\GetRightToGo
2009-04-16 11:56:41 ----D---- C:\rsit
2009-04-16 11:56:41 ----D---- C:\Program Files\trend micro
2009-04-16 09:36:05 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-04-16 09:35:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-16 09:35:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-13 12:45:22 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2009-04-13 11:13:09 ----DC---- C:\Documents and Settings\All Users\Application Data\{6F6DBADD-35E9-42D7-82C1-1F65F2F31141}
2009-04-13 10:05:57 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-03-21 18:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-21 18:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-21 18:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-21 18:08:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-21 18:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-21 18:05:09 ----D---- C:\WINDOWS\system32\XPSViewer
2009-03-21 18:05:06 ----D---- C:\Program Files\MSBuild
2009-03-21 18:05:00 ----D---- C:\Program Files\Reference Assemblies
2009-03-21 18:04:35 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-03-21 18:04:35 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-03-21 18:04:35 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-03-21 16:12:27 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-03-21 16:12:27 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-03-21 16:12:25 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-03-21 16:12:16 ----D---- C:\WINDOWS\system32\xlive
2009-03-21 16:12:15 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-03-18 11:34:47 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-03-18 11:34:45 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-03-18 11:34:45 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-03-18 11:34:44 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-03-18 11:34:42 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-03-18 11:34:40 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-03-18 11:34:40 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-03-18 11:34:39 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-03-18 11:34:38 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-03-18 11:34:38 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-03-18 11:34:36 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-03-18 11:34:36 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-03-18 11:34:35 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-03-18 11:34:34 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-03-18 11:34:32 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-03-18 11:34:30 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-03-18 11:34:30 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-03-18 11:34:27 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-03-18 11:34:27 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-03-18 11:34:27 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-03-18 11:34:26 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-03-18 11:34:25 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-03-18 11:34:25 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-03-18 11:34:25 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-03-18 11:34:20 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-03-18 11:34:19 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-03-18 11:34:18 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-03-18 11:34:18 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-03-18 11:34:17 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-03-15 21:28:51 ----RA---- C:\WINDOWS\system32\SMACKW32.DLL
2009-03-15 21:28:51 ----RA---- C:\WINDOWS\system32\DWSW32.DLL
2009-03-15 21:28:51 ----A---- C:\WINDOWS\system32\WINGDE.DLL
2009-03-15 21:28:51 ----A---- C:\WINDOWS\system32\wing32.dll
2009-03-15 21:28:51 ----A---- C:\WINDOWS\system32\WING.DLL
2009-02-10 09:49:20 ----A---- C:\WINDOWS\Runservice.exe
2009-02-10 09:49:20 ----A---- C:\WINDOWS\mmfs.dll
2009-02-10 09:44:59 ----D---- C:\Program Files\Conduit
2009-02-10 09:44:59 ----D---- C:\Program Files\Battlefront.com
2009-02-06 14:33:29 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-02-06 14:33:28 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-02-04 23:56:05 ----D---- C:\Program Files\AccessPORT
2009-02-04 21:50:10 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-02-04 21:24:53 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-02-04 21:05:13 ----D---- C:\Program Files\directx
2009-02-04 20:49:26 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-02-04 20:34:52 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-04 20:27:08 ----D---- C:\WINDOWS\system32\appmgmt
2009-02-04 19:42:27 ----D---- C:\WINDOWS\SendTo
2009-02-04 19:27:19 ----A---- C:\WINDOWS\exchng.ini
2009-02-04 19:26:36 ----D---- C:\WINDOWS\forms
2009-02-04 19:26:34 ----D---- C:\Program Files\Windows Messaging
2009-02-04 18:27:27 ----A---- C:\WINDOWS\system32\CNMVS56.DLL
2009-02-04 18:27:27 ----A---- C:\WINDOWS\system32\CNMLM56.DLL
2009-02-04 18:27:26 ----RA---- C:\WINDOWS\system32\CNMCP56.exe
2009-02-04 18:05:07 ----A---- C:\WINDOWS\system32\LuResult.txt
2009-02-04 17:40:24 ----RA---- C:\WINDOWS\system32\HPZIDS01.dll
2009-02-04 17:40:22 ----A---- C:\WINDOWS\system32\hpz3l463.dll
2009-02-04 17:36:23 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-02-04 17:36:23 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-02-04 17:36:23 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-02-04 17:36:23 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-02-04 17:36:23 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-02-04 16:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-04 16:58:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-04 16:56:33 ----HDC---- C:\WINDOWS\ie7
2009-02-04 16:24:16 ----D---- C:\WINDOWS\Prefetch
2009-02-04 16:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-04 16:15:35 ----D---- C:\WINDOWS\system32\scripting
2009-02-04 16:15:35 ----D---- C:\WINDOWS\system32\en-us
2009-02-04 16:15:34 ----D---- C:\WINDOWS\system32\en
2009-02-04 16:15:34 ----D---- C:\WINDOWS\system32\bits
2009-02-04 16:15:34 ----D---- C:\WINDOWS\l2schemas
2009-02-04 16:14:16 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-04 16:11:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-04 16:07:58 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-02-04 16:07:56 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-02-04 16:07:53 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-02-04 16:07:52 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-02-04 16:07:52 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-02-04 16:07:44 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-02-04 16:07:44 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-02-04 16:07:44 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-02-04 16:07:37 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-02-04 16:07:36 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-02-04 16:07:35 ----N---- C:\WINDOWS\system32\slserv.exe
2009-02-04 16:07:35 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-02-04 16:07:35 ----N---- C:\WINDOWS\system32\slgen.dll
2009-02-04 16:07:35 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-02-04 16:07:35 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-02-04 16:07:35 ----N---- C:\WINDOWS\slrundll.exe
2009-02-04 16:07:32 ----N---- C:\WINDOWS\system32\setupn.exe
2009-02-04 16:07:30 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-02-04 16:07:29 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-02-04 16:07:27 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-02-04 16:07:26 ----N---- C:\WINDOWS\system32\qutil.dll
2009-02-04 16:07:25 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-02-04 16:07:25 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-02-04 16:07:25 ----N---- C:\WINDOWS\system32\qagent.dll
2009-02-04 16:07:24 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-02-04 16:07:22 ----N---- C:\WINDOWS\system32\onex.dll
2009-02-04 16:07:13 ----N---- C:\WINDOWS\system32\napstat.exe
2009-02-04 16:07:13 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-02-04 16:07:13 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-02-04 16:07:12 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-02-04 16:07:12 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-02-04 16:07:11 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-02-04 16:07:10 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-02-04 16:07:10 ----N---- C:\WINDOWS\system32\mssha.dll
2009-02-04 16:06:58 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-02-04 16:06:57 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-02-04 16:06:57 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-02-04 16:06:57 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-02-04 16:06:55 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-02-04 16:06:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-02-04 16:06:47 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-02-04 16:06:46 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-02-04 16:06:46 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-02-04 16:06:46 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-02-04 16:06:46 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-02-04 16:06:38 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-02-04 16:06:38 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-02-04 16:06:34 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-02-04 16:06:30 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-02-04 16:06:24 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-02-04 16:06:24 ----A---- C:\WINDOWS\003093_.tmp
2009-02-04 16:06:23 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-02-04 16:06:22 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-02-04 16:06:19 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-02-04 16:06:18 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-02-04 16:06:18 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-02-04 16:06:17 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-02-04 16:06:14 ----N---- C:\WINDOWS\system32\credssp.dll
2009-02-04 16:06:09 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-02-04 16:06:09 ----N---- C:\WINDOWS\system32\azroles.dll
2009-02-04 16:06:08 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-02-04 16:06:08 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-02-04 16:06:07 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-02-04 16:06:07 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-02-04 16:06:07 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-02-04 16:06:07 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-02-04 16:06:07 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-02-04 16:06:01 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-02-04 16:04:44 ----D---- C:\WINDOWS\system32\PreInstall
2009-02-04 16:04:14 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-02-04 16:02:57 ----A---- C:\WINDOWS\system32\wups2.dll
2009-02-04 16:02:57 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-02-04 16:02:57 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-02-04 16:02:57 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-02-04 16:02:56 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-04 15:26:10 ----SHD---- C:\cmdcons
2009-02-04 15:25:56 ----D---- C:\WINDOWS\setupupd
2009-02-04 15:25:17 ----AH---- C:\WINDOWS\system32\FFASTLOG.TXT
2009-02-04 15:22:13 ----ASH---- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
2009-02-04 15:22:06 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2009-02-04 15:22:06 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Real
2009-02-04 15:22:06 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2009-02-04 15:22:06 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2009-02-04 13:45:18 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-27 00:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-27 00:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-27 00:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-27 00:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-27 00:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-27 00:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-27 00:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-27 00:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-27 00:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-20 07:41:12 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\WinBatch
2009-01-19 15:26:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Image Zone Express
2009-01-19 13:35:38 ----D---- C:\Documents and Settings\All Users\Application Data\HP

======List of files/folders modified in the last 3 months======

2009-04-17 09:01:39 ----D---- C:\WINDOWS\Temp
2009-04-17 08:19:35 ----AD---- C:\WINDOWS
2009-04-17 08:18:05 ----D---- C:\WINDOWS\Registration
2009-04-17 08:18:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-17 08:15:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-17 08:08:56 ----D---- C:\WINDOWS\system32
2009-04-17 07:50:53 ----D---- C:\temp
2009-04-16 11:56:41 ----D---- C:\Program Files
2009-04-16 11:51:01 ----D---- C:\WINDOWS\system32\drivers
2009-04-16 11:42:47 ----D---- C:\Program Files\Common
2009-04-15 21:52:22 ----D---- C:\WINDOWS\Help
2009-04-15 14:34:58 ----D---- C:\Program Files\GameSpy Arcade
2009-04-13 10:06:41 ----SHD---- C:\WINDOWS\Installer
2009-04-13 10:06:41 ----HD---- C:\Config.Msi
2009-04-13 10:05:58 ----D---- C:\WINDOWS\WinSxS
2009-04-12 13:15:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-08 08:07:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-21 22:33:14 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-21 22:33:11 ----RSD---- C:\WINDOWS\assembly
2009-03-21 18:51:58 ----D---- C:\WINDOWS\system32\DirectX
2009-03-21 18:51:57 ----HD---- C:\WINDOWS\inf
2009-03-21 18:48:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-21 18:11:39 ----D---- C:\Program Files\Internet Explorer
2009-03-21 18:08:23 ----A---- C:\WINDOWS\imsins.BAK
2009-03-21 18:07:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-21 18:05:04 ----RSD---- C:\WINDOWS\Fonts
2009-03-21 18:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-03-18 11:39:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-18 11:38:51 ----D---- C:\WINDOWS\pchealth
2009-03-12 19:23:33 ----A---- C:\WINDOWS\win.ini
2009-02-18 21:43:55 ----AD---- C:\WINDOWS\CREATOR
2009-02-12 12:55:15 ----D---- C:\WINDOWS\system32\FxsTmp
2009-02-05 19:56:57 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-02-05 14:55:48 ----D---- C:\WINDOWS\system32\Macromed
2009-02-05 14:38:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-04 22:46:15 ----A---- C:\WINDOWS\Gary Grigsby's World at War A World Divided Setup Log.txt
2009-02-04 20:34:47 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-04 20:34:46 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-04 20:34:46 ----A---- C:\WINDOWS\system32\java.exe
2009-02-04 20:34:44 ----D---- C:\Program Files\Java
2009-02-04 19:42:31 ----D---- C:\WINDOWS\msapps
2009-02-04 19:42:31 ----D---- C:\Program Files\Microsoft Office
2009-02-04 19:42:21 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-04 19:42:21 ----A---- C:\WINDOWS\ODBC.INI
2009-02-04 19:34:37 ----D---- C:\WINDOWS\system
2009-02-04 18:24:43 ----D---- C:\Program Files\HP
2009-02-04 18:13:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-02-04 18:13:23 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-04 18:07:45 ----D---- C:\Program Files\Common Files
2009-02-04 18:04:47 ----SD---- C:\WINDOWS\Tasks
2009-02-04 17:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-04 16:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-04 16:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-04 16:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-02-04 16:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-04 16:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-04 16:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-04 16:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-04 16:58:51 ----D---- C:\Program Files\Messenger
2009-02-04 16:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-04 16:58:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-04 16:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-02-04 16:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-04 16:58:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-04 16:58:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-04 16:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-02-04 16:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-04 16:56:52 ----D---- C:\WINDOWS\system32\config
2009-02-04 16:56:49 ----D---- C:\WINDOWS\WBEM
2009-02-04 16:56:46 ----D---- C:\WINDOWS\Media
2009-02-04 16:46:26 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-02-04 16:29:53 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-04 16:28:03 ----HD---- C:\hp
2009-02-04 16:27:01 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-04 16:26:51 ----A---- C:\WINDOWS\setuplog.txt
2009-02-04 16:23:31 ----D---- C:\WINDOWS\system32\Setup
2009-02-04 16:23:30 ----D---- C:\WINDOWS\system32\wbem
2009-02-04 16:23:30 ----D---- C:\WINDOWS\AppPatch
2009-02-04 16:22:28 ----D---- C:\WINDOWS\security
2009-02-04 16:21:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-04 16:15:42 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-04 16:15:40 ----D---- C:\WINDOWS\network diagnostic
2009-02-04 16:15:40 ----D---- C:\WINDOWS\ime
2009-02-04 16:15:35 ----D---- C:\WINDOWS\system32\usmt
2009-02-04 16:15:34 ----D---- C:\WINDOWS\PeerNet
2009-02-04 16:15:34 ----D---- C:\Program Files\Movie Maker
2009-02-04 16:14:10 ----D---- C:\WINDOWS\system32\Restore
2009-02-04 16:14:10 ----D---- C:\WINDOWS\system32\npp
2009-02-04 16:14:10 ----D---- C:\WINDOWS\mui
2009-02-04 16:14:09 ----D---- C:\WINDOWS\msagent
2009-02-04 16:14:08 ----D---- C:\WINDOWS\srchasst
2009-02-04 16:14:07 ----D---- C:\WINDOWS\system32\Com
2009-02-04 16:14:07 ----D---- C:\Program Files\NetMeeting
2009-02-04 16:14:06 ----D---- C:\Program Files\Windows NT
2009-02-04 16:14:06 ----D---- C:\Program Files\Outlook Express
2009-02-04 16:14:04 ----D---- C:\Program Files\Common Files\System
2009-02-04 16:13:59 ----D---- C:\WINDOWS\system32\oobe
2009-02-04 16:11:30 ----AD---- C:\WINDOWS\ehome
2009-02-04 16:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-02-04 15:28:30 ----SHD---- C:\RECYCLER
2009-02-04 15:26:30 ----RASH---- C:\boot.ini
2009-02-04 15:26:10 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-02-04 15:24:40 ----AD---- C:\WINDOWS\system32\pcintro
2009-02-04 15:22:05 ----D---- C:\Documents and Settings
2009-02-04 15:20:09 ----RASH---- C:\BOOT.BAK
2009-02-04 15:17:44 ----A---- C:\WINDOWS\system.ini
2009-02-04 14:06:46 ----D---- C:\WINDOWS\I386
2009-02-04 14:04:35 ----RD---- C:\WINDOWS\Offline Web Pages
2009-02-04 14:04:34 ----RD---- C:\WINDOWS\Web
2009-02-04 13:18:04 ----SHD---- C:\System Volume Information
2009-02-04 13:16:44 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\HP
2009-02-04 12:32:17 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Netscape
2009-01-27 00:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2006-04-20 82048]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-09 9728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-20 3927136]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-05-16 229376]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-03-29 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-03-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-03-29 21568]
S3 libusb0;LibUsb-Win32 - Kernel Driver 08/27/2006, 0.1.12.0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [2008-02-18 33792]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-04 152984]
R2 LicCtrlService;LicCtrl Service; C:\WINDOWS\runservice.exe [2009-02-10 2560]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-08-18 61440]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-20 155715]
S2 ELService;Intel® Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [2006-06-02 180224]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 17 April 2009 - 08:50 PM

Repeat the OTMoveIt3 step, but this time with the script below. Post the log here after that.

:processes
explorer.exe

:services

:files
C:\WINDOWS\system32\hudivika.dll
F:\Autorun.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CPM0f39a674"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02163d13-f309-11dd-8f34-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02163d11-f309-11dd-8f34-806d6172696f}]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]



NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Run RSIT again. Post these logs in your next reply.

1. OTMoveIt3
2. ESET Online Scanner
3. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 Razz1

Razz1
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:44 PM

Posted 18 April 2009 - 11:51 AM

Got rid of hudivika.dll, but I keep getting two spyware pop-ups. Can move them or delete them. Cannot access OT3.

Did Ctrl+Alt+Delete; upon system reboot I got this record.

Still have these pop-ups from Spyware Protect 2009 with the threats listed as BankerFox.A and win32/nuequel.E.

Running Eset scan next.


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\hudivika.dll not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPM0f39a674 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler\\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02163d13-f309-11dd-8f34-806d6172696f}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02163d11-f309-11dd-8f34-806d6172696f}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7c8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_093435

Files moved on Reboot...
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll NOT unregistered.
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_7c8.dat not found!
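
The OTMoveIt3 script in post #14 and the result log in post #15 share a small line-oriented format: `:section` headers, `[-KEY]` to delete a registry key, `"name"=-` under a `[KEY]` line to delete a value, and one result line per action. The Python below is an added example, not part of the thread or of OldTimer's tool; it parses both (SCRIPT and LOG are trimmed excerpts of the two posts above) and reconciles every requested action with its logged outcome, so a helper can see at a glance what still needs attention, such as the F:\AutoRun.exe move that stayed deferred across the reboot.

```python
"""OTMoveIt3 script/log reconciler (added example, not the tool's code); SCRIPT and LOG are trimmed from the posts above."""
import re

SCRIPT = r"""
:processes
explorer.exe
:files
C:\WINDOWS\system32\hudivika.dll
F:\Autorun.exe
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CPM0f39a674"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02163d13-f309-11dd-8f34-806d6172696f}]
"""
LOG = r"""
Process explorer.exe killed successfully.
File/Folder C:\WINDOWS\system32\hudivika.dll not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPM0f39a674 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02163d13-f309-11dd-8f34-806d6172696f}\\ deleted successfully.
"""

LOG_PATTERNS = [  # (kind, outcome, pattern) for the result lines OTMoveIt3 writes
    ("process", "ok", re.compile(r"^Process (.+) killed successfully\.$")),
    ("file", "not found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("file", "deferred", re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("file", "ok", re.compile(r"^(.+) moved successfully\.$")),
    # the log separates a key from its value name with a double backslash
    ("regvalue", "ok", re.compile(r"^Registry value (.+?)\\\\(.+) deleted successfully\.$")),
    ("regkey", "ok", re.compile(r"^Registry key (.+?)\\+ deleted successfully\.$")),
]

def parse_script(text):
    """Return the (kind, target) actions the script requests, in order."""
    actions, section, key = [], None, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith(":"):                      # section header, e.g. :files
            section, key = line[1:].lower(), None
        elif section == "processes":
            actions.append(("process", line))
        elif section == "files":
            actions.append(("file", line))
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):
                actions.append(("regkey", line[2:-1]))    # [-KEY]: delete whole key
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                          # [KEY]: values follow
            elif line.endswith("=-") and key:             # "name"=-: delete value
                actions.append(("regvalue", key + "\\" + line[:-2].strip().strip('"')))
    return actions

def parse_log(text):
    """Return {(kind, target.lower()): (target, outcome)} for recognised lines."""
    results = {}
    for line in (l.strip() for l in text.splitlines()):
        for kind, outcome, pat in LOG_PATTERNS:
            m = pat.match(line)
            if m:
                target = "\\".join(m.groups())        # rejoin key and value name
                results[(kind, target.lower())] = (target, outcome)
                break
    return results

def reconcile(script, log):
    """Map each requested action to its outcome; paths and keys match case-insensitively (as on Windows); unrequested log lines are kept."""
    results, report = parse_log(log), {}
    for kind, target in parse_script(script):
        report[(kind, target)] = results.pop((kind, target.lower()), ("", "no log entry"))[1]
    for (kind, _), (target, outcome) in results.items():
        report[(kind, target)] = "unrequested (" + outcome + ")"
    return report

def needs_followup(report):
    """Requested actions that did not complete and must be re-checked after the reboot."""
    return sorted(t for (_, t), s in report.items() if s in ("deferred", "no log entry"))
```

The CLSID key that OTMoveIt3 removed on its own shows up as "unrequested (ok)", which is worth a glance when reviewing what a script actually changed.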



