Google redirects, No disk errors, and non-working System Restore


  • This topic is locked This topic is locked
15 replies to this topic

#1 Kittenofdoom

  • Members
  • 62 posts

Posted 27 April 2009 - 07:27 PM

After having just cleaned my computer just a few weeks ago, I'm a bit pissed that something new has popped up so quickly. Even after several thorough sessions of virus scans and crap-removal, I'm still having a few retarded problems. I generally use safe-ish browsing habits with Firefox, rarely open any email ever, and never download anything I'm not already sure is safe.

First, I keep getting redirected from Google. I search, I click, I get sent to someplace in the middle of nowhere thanks to google-redirect.com. I'm not aware of ever having done anything that would specifically cause this.

Second, random programs will have several errors that pop up with the title "Windows - No Disk" and the message, "Exception Processing Message....." This is even happening with new programs, like DDS which I downloaded specifically to post this thread. It's random in its occurrences, even Task Manager caused it when I looked to see what processes were running.

Third, System Restore won't work. I had hoped to use it to go back to my last safe point, but nothing happens when I click the "Next" button to try to proceed past the "Confirm Restore Point Selection" page. Even repeatedly mashing it in anger didn't work.

Here's my DDS log:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Compaq_Owner at 16:58:59.89 on Mon 04/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.80 [GMT -7:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://b3ta.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=organize-srch&s=askjeeves&locale=EN_US&c=Q304&bd=pavilion&pf=desktop&parm1=theme.cp.tv1&parm2=HalfPanel&parm3=disabled&p=Type+search+text+here
uInternet Settings,ProxyOverride = 127.0.0.1
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [<NO NAME>] c:\windows\temp\kl370y.exe
dRun: [Windows Resurections] c:\windows\temp\kl370y.exe
dRun: [Diagnostic Manager] c:\windows\temp\1693844.exe
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.com/SnapfishActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: ,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\paafn6zh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktopie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.b3ta.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktopab&query=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-25 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-25 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-25 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-25 298264]

=============== Created Last 30 ================

2009-04-27 16:21 29,696 a------- c:\windows\system32\loader49.exe
2009-04-27 12:40 27,648 a------- c:\windows\system32\lmppcsetup.exe
2009-04-25 19:58 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-25 19:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 19:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-25 15:05 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-25 14:58 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-25 14:58 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-25 14:58 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-25 14:58 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-25 14:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-25 08:47 2,713 ---sh--- c:\windows\system32\zokanete.dll
2009-04-20 17:41 <DIR> --d----- c:\program files\Ventrilo
2009-04-20 17:41 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-04-20 17:41 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-16 13:49 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 13:49 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-05 12:57 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-04-05 12:56 <DIR> --d----- c:\program files\MSECACHE
2009-04-04 02:03 <DIR> --d----- c:\windows\system32\scripting
2009-04-04 02:03 <DIR> --d----- c:\windows\l2schemas
2009-04-04 02:03 <DIR> --d----- c:\windows\system32\en
2009-04-04 02:03 <DIR> --d----- c:\windows\system32\bits
2009-04-04 01:59 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-04 01:56 <DIR> --d----- c:\windows\network diagnostic
2009-04-04 01:45 <DIR> --d----- c:\windows\EHome
2009-04-04 01:24 <DIR> --dsh--- c:\documents and settings\compaq_owner\UserData
2009-04-04 01:10 73,728 a------- C:\pv.exe
2009-04-01 23:56 <DIR> --d----- C:\gmer
2009-03-30 19:43 <DIR> --d----- c:\documents and settings\compaq_owner\DoctorWeb
2009-03-30 19:37 <DIR> --d----- C:\61a6a084a8e2b77417d0
2009-03-30 01:39 121 a------- c:\windows\bdagent.INI
2009-03-30 00:56 81,984 a------- c:\windows\system32\bdod.bin
2009-03-30 00:44 <DIR> --d----- c:\windows\system32\logs
2009-03-30 00:43 <DIR> --d----- c:\program files\BitDefender
2009-03-30 00:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-03-30 00:40 <DIR> --d----- c:\program files\common files\BitDefender
2009-03-29 13:24 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes
2009-03-29 13:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-04-04 02:11 81,971 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 11:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-11 09:25 499,712 a------- c:\windows\system32\msvcp71.dll
2009-02-11 09:25 348,160 a------- c:\windows\system32\msvcr71.dll
2009-02-10 18:05 208,896 a------- c:\windows\system32\ConTest.dll
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2006-07-05 02:09 32 a----r-- c:\documents and settings\all users\hash.dat

============= FINISH: 16:59:51.48 ===============
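A helper reading the Pseudo HJT section of a log like the one above looks first at three kinds of entry: autoruns that start a binary out of a temp directory, autoruns written under the default-user hive (the `d` prefix in DDS, as opposed to `u` for the current user and `m` for the machine), and policy values that take the user's own tools away. The script below is an added example for this thread, not part of DDS, ComboFix or any BleepingComputer tool; it runs those checks over a constructed sample modelled on the log entries posted above and reports what it would flag and why. The severity labels and the `RESTRICTIVE_POLICIES` set are my own choices.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; it is not part of DDS, ComboFix or any
BleepingComputer tool. Three checks: an autorun launched from a temp
directory, an autorun registered under the default-user hive ('d' prefix),
and a policy that switches off the user's own tooling.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed sample, modelled on the thread's DDS output (not a real capture).
SAMPLE_DDS_LINES = [
    r"uStart Page = hxxp://b3ta.com/",
    r"uInternet Settings,ProxyOverride = 127.0.0.1",
    r"TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r"mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe",
    r"dRun: [<NO NAME>] c:\windows\temp\kl370y.exe",
    r"dRun: [Windows Resurections] c:\windows\temp\kl370y.exe",
    r"dRun: [Diagnostic Manager] c:\windows\temp\1693844.exe",
    r"dPolicies-explorer: NoFolderOptions = 1 (0x1)",
    r"dPolicies-system: DisableRegistryTools = 1 (0x1)",
    r"AppInit_DLLs: ,",
]

# DDS prefixes: u = HKCU, m = HKLM, d = default-user hive (HKU\.DEFAULT).
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ORPHAN_RE = re.compile(r"^(?P<kind>TB|EB|BHO): (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
POLICY_RE = re.compile(r"^(?P<hive>[umd])Policies-(?P<area>\w+): (?P<name>\w+) = (?P<value>\d+)")
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# Policy values that take tools away from the user. The first two appear in
# the thread's log; DisableTaskMgr is the same family (my own addition).
RESTRICTIVE_POLICIES = {"DisableRegistryTools", "NoFolderOptions", "DisableTaskMgr"}
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one DDS line, or None if nothing stands out."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        if TEMP_DIR_RE.search(m.group("cmd")):
            return Finding("high", line, "autorun launches a binary from a temp directory")
        if m.group("hive") == "d":
            return Finding("medium", line, "autorun registered under the default-user hive")
        return None
    m = ORPHAN_RE.match(line)
    if m and m.group("target").strip() == "No File":
        return Finding("low", line, f"{m.group('kind')} entry has no backing file (orphan)")
    m = POLICY_RE.match(line)
    if m and m.group("name") in RESTRICTIVE_POLICIES and m.group("value") != "0":
        return Finding("high", line, f"policy {m.group('name')} disables a user tool")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a whole Pseudo HJT section, keeping only hits."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 5, 'low': 1}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_DDS_LINES)
    for f in sorted(hits, key=lambda f: SEVERITY_RANK[f.severity]):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print("summary:", summarize(hits))
```

On the constructed sample this reports the three temp-directory autoruns and the two restrictive policies as high, and the orphaned toolbar CLSID as low; the `ProxyOverride = 127.0.0.1` and empty `AppInit_DLLs` lines are ordinary defaults and are left alone. The orphan check is deliberately low severity: a "No File" toolbar entry is usually leftover from an uninstall rather than active malware, which is why helpers treat it as clean-up rather than evidence.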

#2 Kittenofdoom

  • Topic Starter
  • Members
  • 62 posts

Posted 28 April 2009 - 05:00 PM

The owner got frustrated and went nuclear, returning the machine to its factory values. Is there any chance the viruses are still lurking around?

#3 Kittenofdoom

  • Topic Starter
  • Members
  • 62 posts

Posted 28 April 2009 - 06:21 PM

A quick google search just gave me my reply. Yes, there is still definitely something wrong with this comp.

#4 Orange Blossom

  • Bleepin Investigator
  • Moderator
  • 36,804 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 10 May 2009 - 12:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 Kittenofdoom

  • Topic Starter
  • Members
  • 62 posts

Posted 12 May 2009 - 03:21 AM

For some reason neither DDS program works under the current configuration. I downloaded them a few times, disabled Norton completely, and they immediately close the instant they open. What might be preventing me from running them?

The problem, as it currently exists, is that a google search will occasionally throw up a link that is redirected to some random place in the middle of nowhere. It originally was redirected through google-redirect.com, although now it's moved to some other redirecting site.

#6 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 14 May 2009 - 09:39 PM

Hi Kittenofdoom,

Step 1
  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.


Step 2

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:


Posted Image


The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.
It is a simple procedure that will only take a few moments of your time. Once Recovery Console is installed, you should see a blue screen prompt like the one below:


Posted Image

1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.


Step 3
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.

In your next reply, please post back:

1. GooredFix log
2. Combofix log
3. RSIT log.txt and info.txt. Thanks.

#7 Kittenofdoom

  • Topic Starter
  • Members
  • 62 posts

Posted 15 May 2009 - 03:37 AM

Please keep in mind that after the owner did the complete wipe, I had to re-install most of the programs I had before.

Goored:

GooredFix v1.92 by jpshortstuff
Log created at 00:52 on 15/05/2009 running Option #1 (Compaq_Owner)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{AA7C56F8-18E3-495C-9505-E60BF80C6F7F}

=====Dumping Registry Values=====

Combofix:

ComboFix 09-05-14.05 - Compaq_Owner 05/15/2009 1:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.166 [GMT -7:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Personal Firewall *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000217_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-07 08:49 . 2009-05-07 10:00 -------- d-----w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Local Settings\Application Data\FullTiltPoker
2009-05-07 08:48 . 2009-05-08 08:01 -------- d-----w c:\program files\Full Tilt Poker
2009-04-30 20:58 . 2009-05-06 01:27 -------- d-----w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Application Data\AdobeUM
2009-04-30 20:58 . 2009-04-30 20:58 -------- d-----w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Local Settings\Application Data\Adobe
2009-04-29 10:00 . 2009-04-29 10:00 -------- d-----w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Application Data\HP
2009-04-29 09:48 . 2006-04-10 21:03 38400 ----a-w c:\windows\system32\hpz3l054.dll
2009-04-29 09:47 . 2008-04-13 18:45 15104 -c--a-w c:\windows\system32\dllcache\usbscan.sys
2009-04-29 09:47 . 2008-04-13 18:45 15104 ----a-w c:\windows\system32\drivers\usbscan.sys
2009-04-29 09:46 . 2006-03-04 04:02 57344 ----a-w c:\windows\system32\HPZisn12.dll
2009-04-29 09:46 . 2006-03-04 04:02 94208 ----a-w c:\windows\system32\HPZipt12.dll
2009-04-29 09:46 . 2006-03-04 04:02 204800 ----a-w c:\windows\system32\HPZipr12.dll
2009-04-29 09:46 . 2006-03-04 04:03 69632 ----a-w c:\windows\system32\HPZipm12.exe
2009-04-29 09:46 . 2006-03-04 04:03 65536 ----a-w c:\windows\system32\HPZinw12.exe
2009-04-29 09:46 . 2006-03-04 04:03 282680 ----a-w c:\windows\system32\HPZidr12.dll
2009-04-29 09:40 . 2009-04-29 10:04 35080 ----a-w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-29 09:37 . 2005-07-19 01:38 98304 ----a-w c:\windows\system32\hpzjsn01.dll
2009-04-29 09:36 . 2006-05-05 21:18 11634 -c--a-w c:\windows\hpomdl11.dat
2009-04-29 09:14 . 2009-04-29 09:14 -------- d-sh--w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\IETldCache
2009-04-29 09:07 . 2009-04-29 09:07 -------- d-----w c:\windows\ie8updates
2009-04-29 09:07 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-29 09:05 . 2009-04-29 09:06 -------- dc-h--w c:\windows\ie8
2009-04-29 08:27 . 2008-06-18 15:49 49904 ----a-r c:\windows\system32\drivers\BVRPMPR5.SYS
2009-04-29 08:26 . 2009-04-29 08:48 -------- d-----w C:\Netgear
2009-04-29 04:06 . 2009-04-29 04:06 -------- d-----w c:\windows\system32\scripting
2009-04-29 04:06 . 2009-04-29 04:06 -------- d-----w c:\windows\system32\en
2009-04-29 04:06 . 2009-04-29 04:06 -------- d-----w c:\windows\system32\bits
2009-04-29 02:26 . 2009-05-14 01:00 -------- d-----w c:\program files\Norton Security Scan
2009-04-29 01:29 . 2004-08-04 05:29 1897408 ------w c:\windows\system32\drivers\nv4_mini.sys
2009-04-29 01:28 . 2008-04-14 00:11 15423 ------w c:\windows\system32\drivers\ch7xxnt5.dll
2009-04-28 23:49 . 2009-04-28 23:49 -------- d-s---w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\UserData
2009-04-28 23:28 . 2009-04-28 23:28 -------- d-----w C:\PFiles
2009-04-28 23:26 . 2009-04-28 23:26 -------- d-----w c:\windows\system32\Adobe
2009-04-28 23:25 . 2009-04-28 23:25 -------- d-----w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Local Settings\Application Data\Apple
2009-04-28 23:23 . 2009-04-28 23:23 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-28 23:23 . 2009-04-28 23:23 -------- d-----w c:\program files\NOS
2009-04-28 22:56 . 2009-04-28 22:56 -------- d-----w c:\documents and settings\Owner
2009-04-28 22:48 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-28 22:48 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-28 22:48 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-28 22:48 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-28 22:48 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-28 22:48 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-28 22:48 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-28 22:48 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-28 22:48 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-28 22:48 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-28 22:48 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-28 22:48 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-28 22:47 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-04-28 22:45 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-28 22:44 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-28 22:41 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-04-28 22:41 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-28 22:40 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-04-28 22:40 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-04-28 22:38 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-28 22:38 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-28 22:24 . 2009-04-28 22:24 -------- d-----w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Application Data\Ventrilo
2009-04-28 22:21 . 2009-04-28 22:21 -------- d-----w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Application Data\Malwarebytes
2009-04-28 22:21 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-28 22:21 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-28 22:20 . 2009-04-28 22:20 -------- d-----w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Application Data\MSNInstaller
2009-04-28 22:07 . 2009-01-08 01:21 26144 ----a-w c:\windows\system32\spupdsvc.exe
2009-04-28 21:46 . 2009-04-28 21:46 -------- d-----w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Local Settings\Application Data\Mozilla
2009-04-28 13:53 . 2009-04-28 13:53 -------- d-----w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Application Data\Template
2009-04-28 13:43 . 2008-06-24 16:43 74240 -c----w c:\windows\system32\dllcache\mscms.dll
2009-04-28 13:43 . 2009-02-09 11:13 1846784 -c----w c:\windows\system32\dllcache\win32k.sys
2009-04-28 13:41 . 2008-04-14 00:12 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-28 13:38 . 2004-08-12 03:40 -------- d-----w c:\windows\system32\config\systemprofile\WINDOWS
2009-04-28 13:38 . 2009-04-28 13:38 108544 ------w c:\windows\system32\pxcpyi64.exe
2009-04-28 13:38 . 2009-04-28 13:38 104960 ------w c:\windows\system32\pxinsi64.exe
2009-04-28 13:35 . 2002-11-21 17:57 204800 ----a-w c:\windows\system32\IVIresizeW7.dll
2009-04-28 13:35 . 2002-11-21 17:57 188416 ----a-w c:\windows\system32\IVIresizePX.dll
2009-04-28 13:35 . 2002-11-21 17:57 192512 ----a-w c:\windows\system32\IVIresizeP6.dll
2009-04-28 13:35 . 2002-11-21 17:57 192512 ----a-w c:\windows\system32\IVIresizeM6.dll
2009-04-28 13:35 . 2002-11-21 17:57 200704 ----a-w c:\windows\system32\IVIresizeA6.dll
2009-04-28 13:35 . 2002-11-21 17:57 20480 ----a-w c:\windows\system32\IVIresize.dll
2009-04-28 13:21 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-28 13:21 . 2008-04-13 18:45 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-28 12:30 . 2009-04-29 09:47 -------- dcsh--r c:\windows\system32\dllcache
2009-04-26 02:58 . 2009-04-28 22:21 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-25 22:05 . 2009-04-27 22:19 -------- d--h--w C:\$AVG8.VAULT$
2009-04-25 21:57 . 2009-04-27 23:06 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-21 00:41 . 2009-04-21 00:41 -------- d-----w c:\program files\Ventrilo
2009-04-21 00:41 . 2009-04-21 00:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 08:17 . 2004-08-12 11:57 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-15 07:58 . 2009-04-28 13:40 151 ----a-w c:\documents and settings\Compaq_Owner.YOUR-45C550F850\Local Settings\Application Data\fusioncache.dat
2009-05-15 05:35 . 2005-06-04 05:21 10 ----a-w c:\windows\popcinfo.dat
2009-05-07 08:48 . 2004-08-12 03:28 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-06 08:15 . 2004-08-12 02:34 -------- d-----w c:\program files\Java
2009-05-06 08:11 . 2009-04-05 19:57 -------- d-----w c:\program files\Windows Installer Clean Up
2009-04-29 10:04 . 2006-12-27 02:57 117179 -c--a-w c:\windows\hpoins11.dat
2009-04-29 09:56 . 2006-12-27 03:12 -------- d-----w c:\program files\Common Files\Sonic Shared
2009-04-29 00:01 . 2009-04-05 19:56 -------- d-----w c:\program files\MSECACHE
2009-04-28 23:28 . 2004-08-12 03:39 -------- d-----w c:\program files\QuickTime
2009-04-28 22:31 . 2004-08-12 03:58 -------- d-----w c:\program files\Easy Internet signup
2009-04-28 22:02 . 2004-08-12 03:23 -------- d-----w c:\program files\Common Files\Real
2009-04-28 13:51 . 2004-12-27 00:27 -------- d-----w c:\program files\Common Files\AOL
2009-04-28 13:41 . 2009-04-28 13:41 4374 --sha-r c:\windows\system32\drivers\HP_PS114AA-ABA SR1215CB NA440_YC_Pres_QMXM449_E44NAheREG4_4_IKelut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M448_J120_7AMD_8Sempron 3000+_92_111063044_N11063065_P_Z11C1048C_K_A11063059_U11063038_G11067205.MRK
2009-04-26 02:57 . 2008-04-29 11:12 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-03 08:42 . 2006-09-03 09:04 -------- d-----w c:\program files\Three Rings Design
2009-03-31 06:00 . 2008-01-26 14:53 -------- d-----w c:\program files\WinAce
2009-03-31 01:56 . 2009-03-30 07:43 -------- d-----w c:\program files\BitDefender
2009-03-31 01:56 . 2009-03-30 07:40 -------- d-----w c:\program files\Common Files\BitDefender
2009-03-28 19:37 . 2004-12-27 00:28 -------- d-----w c:\program files\Viewpoint
2009-03-23 22:36 . 2009-03-23 22:36 -------- d-----w c:\program files\Trend Micro
2009-03-23 00:29 . 2009-03-23 00:28 -------- d-----w c:\program files\Common Files\aolback
2009-03-22 21:55 . 2004-12-27 19:11 -------- d-----w c:\program files\LimeWire
2009-03-22 19:19 . 2008-02-26 06:45 -------- d-----w c:\program files\DNA
2009-03-22 19:12 . 2007-09-15 09:17 -------- d-----w c:\program files\BitTorrent
2009-03-22 19:00 . 2009-03-16 22:24 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-19 15:08 . 2009-03-19 15:08 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-19 15:08 . 2009-03-19 15:08 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-19 04:04 . 2006-09-05 00:20 -------- d-----w c:\program files\Incomplete
2009-03-17 06:01 . 2009-03-17 06:01 -------- d-----w c:\program files\AVG
2009-03-08 11:34 . 2004-08-29 18:24 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2004-08-29 18:21 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2004-08-29 18:20 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2004-08-29 18:24 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2004-08-29 19:08 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2004-08-29 18:21 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2004-08-29 18:21 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2004-08-29 18:22 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2004-08-29 18:21 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2004-08-29 18:22 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-29 18:22 284160 ----a-w c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 71328]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-27 49152]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-06 2550272]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\bin\\IA\\Core\\MDM_Util.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]


--- Other Services/Drivers In Memory ---

*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - ccEvtMgr
*Deregistered* - ccProxy
*Deregistered* - ccSetMgr
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - fasttx2k
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - navapsvc
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - SISAGP
*Deregistered* - SNDSrvc
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMIDSCO
*Deregistered* - SYMNDIS
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
*Deregistered* - SymWSC
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - viaagp1
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-05-10 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-29 00:12]

2009-05-12 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-06-05 00:47]

2009-05-14 c:\windows\Tasks\Norton Security Scan for Compaq_Owner.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 03:20]

2009-05-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-12 08:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=presario&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 01:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-15 1:31
ComboFix-quarantined-files.txt 2009-05-15 08:30

Pre-Run: 98,326,163,456 bytes free
Post-Run: 99,057,438,720 bytes free

341 --- E O F --- 2009-05-13 10:02

Info

info.txt logfile of random's system information tool 1.06 2009-05-15 01:34:14

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
Agere Systems PCI Soft Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
CC_ccProxyMSI-->MsiExec.exe /I{A398F2DC-D706-4bb2-AC38-5532CD229D08}
CC_ccStart-->MsiExec.exe /I{D8C6CB8F-F5B9-4274-82F1-C31083BDFD1F}
ccCommon-->MsiExec.exe /I{4214CB9C-AB35-480E-9868-0FE4B5982472}
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Norton AntiVirus 2004 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus 2004-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}
Norton Internet Security-->MsiExec.exe /I{948444FE-265B-4623-910E-AE424DC03350}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Personal Firewall (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}.exe /X
Norton Personal Firewall-->MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{6FF543AB-99B3-4120-902C-70A38314ABD8}_2_0_1\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{6FF543AB-99B3-4120-902C-70A38314ABD8}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: Norton AntiVirus (outdated)
FW: Norton Personal Firewall (disabled)

======System event log======

Computer Name: YOUR-45C550F850
Event Code: 7000
Message: The crd service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 61
Source Name: Service Control Manager
Time Written: 20090428152018.000000-420
Event Type: error
User:

Computer Name: YOUR-45C550F850
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the crd service to connect.

Record Number: 60
Source Name: Service Control Manager
Time Written: 20090428152018.000000-420
Event Type: error
User:

Computer Name: YOUR-45C550F850
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\AVG\AVG8\avgui.exe.
Reference error message: The operation completed successfully.
.

Record Number: 38
Source Name: SideBySide
Time Written: 20090428145408.000000-420
Event Type: error
User:

Computer Name: YOUR-45C550F850
Event Code: 59
Message: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Record Number: 37
Source Name: SideBySide
Time Written: 20090428145408.000000-420
Event Type: error
User:

Computer Name: YOUR-45C550F850
Event Code: 32
Message: Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.


Record Number: 36
Source Name: SideBySide
Time Written: 20090428145408.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-45C550F850
Event Code: 1517
Message: Windows saved user YOUR-45C550F850\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 49
Source Name: Userenv
Time Written: 20090428155952.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-45C550F850
Event Code: 1517
Message: Windows saved user YOUR-45C550F850\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 20
Source Name: Userenv
Time Written: 20090428153306.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-45C550F850
Event Code: 10005
Message: Product: Java™ 6 Update 13 -- Error 25099. Unzipping core files failed.

Record Number: 16
Source Name: MsiInstaller
Time Written: 20090428151849.000000-420
Event Type: error
User: YOUR-45C550F850\Compaq_Owner

Computer Name: YOUR-45C550F850
Event Code: 1002
Message: Hanging application mbam-setup.tmp, version 51.49.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 15
Source Name: Application Hang
Time Written: 20090428151710.000000-420
Event Type: error
User:

Computer Name: YOUR-45C550F850
Event Code: 10005
Message: Product: Java™ 6 Update 13 -- Error 25099. Unzipping core files failed.

Record Number: 13
Source Name: MsiInstaller
Time Written: 20090428151427.000000-420
Event Type: error
User: YOUR-45C550F850\Compaq_Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2009-05-15 01:33:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 94 GB (86%) free of 110 GB
Total RAM: 447 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:10 AM, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Desktop\RSIT.exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6952 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job
C:\WINDOWS\tasks\Norton Security Scan for Compaq_Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
CNisExtBho Class - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll [2003-12-11 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton AntiVirus\NavShExt.dll [2004-06-04 103552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton AntiVirus\NavShExt.dll [2004-06-04 103552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-03-26 49152]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-07-06 2550272]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-09 71328]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2004-04-21 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2003-12-17 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-03 344064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\bin\IA\Core\MDM_Util.exe"="E:\bin\IA\Core\MDM_Util.exe:*:Enabled:MDM_Util"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2009-05-15 01:33:58 ----D---- C:\rsit
2009-05-15 01:31:05 ----D---- C:\WINDOWS\temp
2009-05-15 01:31:03 ----A---- C:\ComboFix.txt
2009-05-15 01:23:45 ----A---- C:\WINDOWS\zip.exe
2009-05-15 01:23:45 ----A---- C:\WINDOWS\vFind.exe
2009-05-15 01:23:45 ----A---- C:\WINDOWS\SWREG.exe
2009-05-15 01:23:45 ----A---- C:\WINDOWS\sed.exe
2009-05-15 01:23:45 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-15 01:23:45 ----A---- C:\WINDOWS\grep.exe
2009-05-15 01:23:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-15 01:23:44 ----A---- C:\WINDOWS\SWSC.exe
2009-05-15 00:54:09 ----D---- C:\Qoobox
2009-05-07 01:48:05 ----D---- C:\Program Files\Full Tilt Poker
2009-04-30 13:58:03 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\AdobeUM
2009-04-29 03:00:20 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\HP
2009-04-29 02:48:07 ----A---- C:\WINDOWS\system32\hpz3l054.dll
2009-04-29 02:46:48 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-04-29 02:46:48 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-04-29 02:46:47 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-04-29 02:46:47 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-04-29 02:46:47 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-04-29 02:46:47 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-04-29 02:37:38 ----A---- C:\WINDOWS\system32\hpzjsn01.dll
2009-04-29 02:07:54 ----D---- C:\WINDOWS\ie8updates
2009-04-29 02:05:55 ----HDC---- C:\WINDOWS\ie8
2009-04-29 01:26:16 ----D---- C:\Netgear
2009-04-28 21:20:41 ----D---- C:\WINDOWS\Prefetch
2009-04-28 21:15:44 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-28 21:15:34 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-28 21:15:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-28 21:15:10 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-28 21:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-28 21:13:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-28 21:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-28 21:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-28 21:06:42 ----D---- C:\WINDOWS\system32\en-us
2009-04-28 21:06:41 ----D---- C:\WINDOWS\system32\scripting
2009-04-28 21:06:40 ----D---- C:\WINDOWS\system32\en
2009-04-28 21:06:39 ----D---- C:\WINDOWS\system32\bits
2009-04-28 19:26:18 ----D---- C:\Program Files\Norton Security Scan
2009-04-28 18:30:46 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-04-28 18:30:43 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-04-28 18:30:41 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-04-28 18:30:39 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-04-28 18:30:39 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-04-28 18:30:35 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-04-28 18:30:30 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-04-28 18:30:30 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-04-28 18:30:24 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-04-28 18:30:21 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-04-28 18:30:20 ----N---- C:\WINDOWS\system32\slserv.exe
2009-04-28 18:30:20 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-04-28 18:30:20 ----N---- C:\WINDOWS\system32\slgen.dll
2009-04-28 18:30:20 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-04-28 18:30:19 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-04-28 18:30:15 ----N---- C:\WINDOWS\system32\setupn.exe
2009-04-28 18:30:12 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-04-28 18:30:11 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-04-28 18:30:09 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-04-28 18:30:08 ----N---- C:\WINDOWS\system32\qutil.dll
2009-04-28 18:30:07 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-04-28 18:30:07 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-04-28 18:30:07 ----N---- C:\WINDOWS\system32\qagent.dll
2009-04-28 18:30:05 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-04-28 18:30:02 ----N---- C:\WINDOWS\system32\onex.dll
2009-04-28 18:29:58 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-04-28 18:29:51 ----N---- C:\WINDOWS\system32\napstat.exe
2009-04-28 18:29:51 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-04-28 18:29:51 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-04-28 18:29:50 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-04-28 18:29:50 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-04-28 18:29:47 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-04-28 18:29:47 ----N---- C:\WINDOWS\system32\mssha.dll
2009-04-28 18:29:35 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-04-28 18:29:34 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-04-28 18:29:34 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-04-28 18:29:34 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-04-28 18:29:33 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-04-28 18:29:29 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-04-28 18:29:29 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-04-28 18:29:28 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-04-28 18:29:28 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-04-28 18:29:28 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-04-28 18:29:27 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-04-28 18:29:18 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-04-28 18:29:11 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-04-28 18:29:11 ----A---- C:\WINDOWS\005482_.tmp
2009-04-28 18:29:10 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-04-28 18:29:10 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-04-28 18:29:10 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-04-28 18:29:10 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-04-28 18:29:09 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-04-28 18:29:09 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-04-28 18:29:09 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-04-28 18:29:09 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-04-28 18:29:06 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-04-28 18:29:06 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-04-28 18:29:06 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-04-28 18:29:06 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-04-28 18:29:06 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-04-28 18:29:06 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-04-28 18:29:06 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-04-28 18:29:04 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-04-28 18:29:04 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-04-28 18:29:03 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-04-28 18:29:00 ----N---- C:\WINDOWS\system32\credssp.dll
2009-04-28 18:28:54 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-28 18:28:44 ----N---- C:\WINDOWS\system32\azroles.dll
2009-04-28 18:28:42 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-04-28 18:28:42 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-04-28 18:28:42 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-04-28 18:28:41 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-04-28 18:28:41 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-04-28 18:28:41 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-04-28 18:28:41 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-04-28 18:28:37 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-04-28 17:16:40 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-28 16:53:27 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2009-04-28 16:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-04-28 16:28:46 ----D---- C:\PFiles
2009-04-28 16:26:12 ----D---- C:\WINDOWS\system32\Adobe
2009-04-28 16:23:27 ----D---- C:\Program Files\NOS
2009-04-28 16:23:27 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-04-28 16:07:05 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Adobe
2009-04-28 15:38:19 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-28 15:38:18 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-04-28 15:35:39 ----RSHD---- C:\cmdcons
2009-04-28 15:35:26 ----D---- C:\WINDOWS\setupupd
2009-04-28 15:24:23 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Ventrilo
2009-04-28 15:21:56 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Malwarebytes
2009-04-28 15:20:59 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\MSNInstaller
2009-04-28 15:07:25 ----D---- C:\WINDOWS\system32\PreInstall
2009-04-28 15:07:24 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-04-28 14:46:15 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Mozilla
2009-04-28 06:53:20 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Template
2009-04-28 06:50:10 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Macromedia
2009-04-28 06:43:26 ----A---- C:\WINDOWS\system32\SETB0.tmp
2009-04-28 06:43:09 ----A---- C:\WINDOWS\system32\SET8C.tmp
2009-04-28 06:41:08 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-04-28 06:40:23 ----ASH---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\desktop.ini
2009-04-28 06:40:20 ----SD---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Microsoft
2009-04-28 06:40:20 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Symantec
2009-04-28 06:40:20 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Sun
2009-04-28 06:40:20 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\SampleView
2009-04-28 06:40:20 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Real
2009-04-28 06:40:20 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Identities
2009-04-28 06:40:20 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Application Data\Apple Computer
2009-04-28 06:38:21 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-04-28 06:38:21 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-04-28 06:38:21 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-04-28 06:38:21 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-04-28 06:38:21 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-04-28 06:37:20 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-04-28 06:35:58 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2009-04-28 06:35:58 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2009-04-28 06:35:58 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2009-04-28 06:35:58 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2009-04-28 06:35:58 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2009-04-28 06:35:58 ----A---- C:\WINDOWS\system32\IVIresize.dll
2009-04-28 06:34:03 ----A---- C:\WINDOWS\system32\uninst_nrm_silently.txt
2009-04-28 06:33:59 ----A---- C:\WINDOWS\system32\uninst_net_silently.txt
2009-04-28 06:33:41 ----A---- C:\WINDOWS\system32\uninst_smb_silently.txt
2009-04-28 06:32:11 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-04-28 05:30:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-25 19:58:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-25 15:05:11 ----HD---- C:\$AVG8.VAULT$
2009-04-25 14:57:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-04-20 17:41:50 ----D---- C:\Program Files\Ventrilo
2009-04-20 17:41:43 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-04-20 17:41:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-17 03:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-04-17 03:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-04-17 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-04-17 03:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-17 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-04-17 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-04-05 12:57:06 ----D---- C:\Program Files\Windows Installer Clean Up
2009-04-05 12:56:47 ----D---- C:\Program Files\MSECACHE
2009-04-05 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-05 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-04 02:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-04-04 02:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-04 02:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-04 02:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-04 02:18:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-04 02:17:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-04 02:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-04 02:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-04-04 02:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-04 02:17:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-04 02:17:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-04 02:16:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-04 02:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-04 02:16:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-04-04 02:16:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-04 02:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-04 02:15:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-04 02:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-04 02:15:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-04 02:15:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-04-04 02:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-04 02:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-04 02:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-04 02:14:31 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-04 02:14:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-04-04 02:03:34 ----D---- C:\WINDOWS\l2schemas
2009-04-04 01:59:47 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-04 01:56:19 ----D---- C:\WINDOWS\network diagnostic
2009-04-04 01:46:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-04 01:45:44 ----D---- C:\WINDOWS\EHome
2009-04-03 01:13:58 ----SHD---- C:\RECYCLER
2009-04-01 23:56:49 ----D---- C:\gmer
2009-03-30 19:37:19 ----D---- C:\61a6a084a8e2b77417d0
2009-03-30 01:39:05 ----A---- C:\WINDOWS\bdagent.INI
2009-03-30 00:43:06 ----D---- C:\Program Files\BitDefender
2009-03-30 00:43:06 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-03-30 00:40:58 ----D---- C:\Program Files\Common Files\BitDefender
2009-03-29 13:24:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-28 12:24:15 ----D---- C:\WINDOWS\ERDNT
2009-03-28 12:15:44 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-03-25 07:22:42 ----A---- C:\WINDOWS\msoffice.ini
2009-03-23 15:36:25 ----D---- C:\Program Files\Trend Micro
2009-03-23 14:28:49 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-22 17:29:26 ----A---- C:\WINDOWS\aolback.exe.lnk
2009-03-22 17:28:46 ----D---- C:\Program Files\Common Files\aolback
2009-03-22 17:15:41 ----HD---- C:\TEMP
2009-03-19 08:08:50 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-03-19 08:08:50 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-03-18 17:31:14 ----D---- C:\mcafee_mcpr
2009-03-18 16:46:49 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-03-18 06:41:39 ----D---- C:\Documents and Settings\All Users\Application Data\Ascentive
2009-03-16 23:01:17 ----D---- C:\Program Files\AVG
2009-03-16 16:19:01 ----A---- C:\WINDOWS\wininit.ini
2009-03-16 15:24:54 ----D---- C:\Program Files\Windows Live Safety Center

======List of files/folders modified in the last 2 months======

2009-05-15 01:32:45 ----D---- C:\Program Files\Mozilla Firefox
2009-05-15 01:31:07 ----D---- C:\WINDOWS\system32
2009-05-15 01:31:05 ----D---- C:\WINDOWS
2009-05-15 01:29:15 ----A---- C:\WINDOWS\system.ini
2009-05-15 01:27:38 ----D---- C:\WINDOWS\system32\drivers
2009-05-15 01:27:38 ----D---- C:\WINDOWS\AppPatch
2009-05-15 01:27:36 ----D---- C:\Program Files\Common Files
2009-05-15 01:24:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-15 01:24:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-15 01:17:33 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-05-13 15:03:05 ----D---- C:\WINDOWS\system32\FxsTmp
2009-05-11 18:42:35 ----SD---- C:\WINDOWS\Tasks
2009-05-07 01:48:05 ----RD---- C:\Program Files
2009-05-07 01:48:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-06 01:18:18 ----SHD---- C:\WINDOWS\Installer
2009-05-06 01:18:18 ----SHD---- C:\Config.Msi
2009-05-06 01:15:57 ----D---- C:\Program Files\Java
2009-04-30 03:00:34 ----D---- C:\WINDOWS\WinSxS
2009-04-29 02:59:46 ----A---- C:\WINDOWS\win.ini
2009-04-29 02:56:52 ----HD---- C:\WINDOWS\inf
2009-04-29 02:56:52 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-04-29 02:49:59 ----D---- C:\WINDOWS\twain_32
2009-04-29 02:14:03 ----D---- C:\WINDOWS\Media
2009-04-29 02:14:03 ----D---- C:\WINDOWS\Help
2009-04-29 02:14:03 ----D---- C:\Program Files\Internet Explorer
2009-04-29 02:07:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-29 02:07:38 ----A---- C:\WINDOWS\imsins.BAK
2009-04-29 02:07:16 ----D---- C:\WINDOWS\system32\config
2009-04-29 02:04:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-29 02:01:17 ----D---- C:\Program Files\Messenger
2009-04-29 01:55:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-28 21:23:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-28 21:21:49 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-28 21:20:42 ----A---- C:\WINDOWS\setuplog.txt
2009-04-28 21:20:07 ----D---- C:\WINDOWS\system32\Setup
2009-04-28 21:20:07 ----D---- C:\WINDOWS\ime
2009-04-28 21:20:06 ----D---- C:\WINDOWS\system32\wbem
2009-04-28 21:20:05 ----RSD---- C:\WINDOWS\Fonts
2009-04-28 21:19:25 ----D---- C:\WINDOWS\security
2009-04-28 21:07:25 ----D---- C:\Program Files\Windows Media Player
2009-04-28 21:06:42 ----D---- C:\WINDOWS\system32\usmt
2009-04-28 21:06:39 ----D---- C:\WINDOWS\PeerNet
2009-04-28 21:06:39 ----D---- C:\Program Files\Movie Maker
2009-04-28 21:06:28 ----D---- C:\WINDOWS\system32\Restore
2009-04-28 21:06:28 ----D---- C:\WINDOWS\system32\npp
2009-04-28 21:06:27 ----D---- C:\WINDOWS\msagent
2009-04-28 21:06:25 ----D---- C:\WINDOWS\srchasst
2009-04-28 21:06:23 ----D---- C:\Program Files\NetMeeting
2009-04-28 21:06:21 ----D---- C:\WINDOWS\system32\Com
2009-04-28 21:06:18 ----D---- C:\Program Files\Windows NT
2009-04-28 21:06:18 ----D---- C:\Program Files\Outlook Express
2009-04-28 21:06:14 ----D---- C:\Program Files\Common Files\System
2009-04-28 21:05:52 ----D---- C:\WINDOWS\system32\oobe
2009-04-28 21:05:49 ----D---- C:\WINDOWS\system
2009-04-28 17:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-04-28 17:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-28 17:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-28 17:13:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-28 17:11:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-04-28 17:02:33 ----D---- C:\WINDOWS\Registration
2009-04-28 16:28:19 ----D---- C:\Program Files\QuickTime
2009-04-28 16:05:29 ----RASH---- C:\boot.ini
2009-04-28 15:56:43 ----D---- C:\Documents and Settings
2009-04-28 15:35:39 ----AC---- C:\WINDOWS\UPGRADE.TXT
2009-04-28 15:35:35 ----D---- C:\WINDOWS\setup.pss
2009-04-28 15:31:10 ----D---- C:\Program Files\Easy Internet signup
2009-04-28 15:21:01 ----D---- C:\Program Files\MSN
2009-04-28 15:08:30 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-04-28 15:08:14 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-04-28 15:07:42 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-04-28 15:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-04-28 15:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-04-28 15:02:35 ----D---- C:\Program Files\Common Files\Real
2009-04-28 06:51:18 ----D---- C:\Program Files\Common Files\AOL
2009-04-28 06:39:00 ----SHD---- C:\System Volume Information
2009-04-28 06:38:34 ----D---- C:\sysprep
2009-04-28 06:36:55 ----RASH---- C:\BOOT.BAK
2009-04-28 06:32:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-28 05:44:28 ----HD---- C:\hp
2009-04-28 05:41:44 ----D---- C:\Program Files\Common Files\Services
2009-04-28 05:41:22 ----D---- C:\WINDOWS\system32\ras
2009-04-28 05:40:57 ----D---- C:\WINDOWS\system32\icsxml
2009-04-28 05:40:57 ----D---- C:\WINDOWS\system32\ias
2009-04-28 05:38:59 ----RD---- C:\WINDOWS\Web
2009-04-28 05:38:59 ----D---- C:\WINDOWS\addins
2009-04-28 05:38:45 ----D---- C:\WINDOWS\Cursors
2009-04-28 05:38:39 ----RHD---- C:\MSOCache
2009-04-28 05:38:32 ----RD---- C:\WINDOWS\Offline Web Pages
2009-04-28 05:38:31 ----RSD---- C:\WINDOWS\assembly
2009-04-27 15:12:34 ----D---- C:\WINDOWS\pss
2009-04-25 19:57:39 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-25 19:57:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-04 13:14:04 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-04-04 07:35:47 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-04-03 01:42:43 ----D---- C:\Program Files\Three Rings Design
2009-03-30 23:00:41 ----D---- C:\Program Files\WinAce
2009-03-28 12:37:06 ----D---- C:\Program Files\Viewpoint
2009-03-28 12:13:54 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-03-22 14:55:09 ----D---- C:\Program Files\LimeWire
2009-03-22 12:19:41 ----D---- C:\Program Files\DNA
2009-03-22 12:12:56 ----D---- C:\Program Files\BitTorrent
2009-03-21 07:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-18 21:04:45 ----D---- C:\Program Files\Incomplete
2009-03-17 20:55:52 ----D---- C:\WINDOWS\occache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 SAVRT;SAVRT; \??\c:\Program Files\Norton AntiVirus\SAVRT.SYS []
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-07-17 12160]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2003-12-04 263296]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-06 13872]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040625.019\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040625.019\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2003-12-04 10688]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2003-12-04 164512]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2003-12-04 46336]
R3 SYMIDSCO;SYMIDSCO; C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS [2003-12-04 136704]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2003-12-04 51520]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2003-12-04 16288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-12-07 172672]
R4 catchme;catchme; \??\C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\catchme.sys []
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-03 730653]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-07-06 2185408]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-07-19 218112]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-09 255648]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2005-02-28 218736]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-09 235168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 navapsvc;Norton AntiVirus Auto Protect Service; c:\Program Files\Norton AntiVirus\navapsvc.exe [2004-06-04 174208]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2003-12-04 197856]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2006-03-09 87712]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920]
S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]
S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-04-21 401408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; c:\Program Files\Norton AntiVirus\SAVScan.exe [2003-11-07 193816]

-----------------EOF-----------------

#8 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 15 May 2009 - 08:23 AM

Hi Kittenofdoom,



I notice there is one unwanted program installed on your system. This unwanted program is sometimes malware related or a potential hazard to your security. You're well advised to remove it.

Click Start > Settings > Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight

Full Tilt Poker

and click on Change/Remove to remove it.


Step1

GooredFix - Option 2. Ensure all instances of Firefox are closed
  • Double-click Goored.exe on your Desktop to run it
  • Select 2. Fix Goored by typing 2 & pressing Enter
  • Type y at the prompt then press Enter
  • A log will open, post the contents of that log in your next reply along with a new HijackThis log

Step2


Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any entry with Java Runtime Environment (JRE or J2SE) in the name, and the following update:
    • Java™ 6 Update 7
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.

Step3

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use the Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4


Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When the database update has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.



Please post back the logs in your next reply.


1.GooredFix log
2.KAS Scan Report
3.Fresh HJT log

Tell me how your pc is running now.

#9 Kittenofdoom

  • Topic Starter
  • Members
  • 62 posts

Posted 15 May 2009 - 10:24 PM

For some dumb reason I can't install Java. I keep getting the 25099 error, which says "Unzipping Core Files Failed". I followed all of Java's steps to remedy this, including uninstalling all previous Java versions and using the Install Cleanup utility, and am still getting the same error. I've already contacted them, but do you have any idea what might be wrong?

#10 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 16 May 2009 - 02:40 AM

Hi Kittenofdoom,

Hope this helps.

http://www.java.com/en/download/help/error_25099.xml

#11 Kittenofdoom

  • Topic Starter
  • Members
  • 62 posts

Posted 16 May 2009 - 05:40 AM

Hi Kittenofdoom,

Hope this helps.

http://www.java.com/en/download/help/error_25099.xml

I have already done everything they'd recommended, and the supposed source of the problem, jqs.exe, doesn't even exist in my processes. Is there another scanner I can use besides a Java-based one like Kaspersky?

#12 Kittenofdoom

  • Topic Starter
  • Members
  • 62 posts

Posted 16 May 2009 - 06:24 AM

It seems Java remnants from before the system wipe were hiding from Add/Remove programs and Install Cleanup. It successfully installed after I deleted the last few scraps. I'll go through with the rest now, thanks!

#13 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 16 May 2009 - 01:26 PM

Hi Kittenofdoom,


OK, I will give another one, just in case. :thumbup2:


Step1

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.


#14 Kittenofdoom

  • Topic Starter
  • Members
  • 62 posts

Posted 17 May 2009 - 06:30 AM

I'd say the computer is running mostly okay. The latter two problems in the thread title stopped after the system was flattened, and I don't seem to be getting any Google redirects. It's been pointed out that maybe things are booting up a bit slowly, but I'm not sure.

1.GooredFix log (May be a little wonky thanks to some system restores, here's an updated log with no fix)

GooredFix v1.92 by jpshortstuff
Log created at 04:29 on 17/05/2009 running Option #1 (Compaq_Owner)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"


2.KAS Scan Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 16, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 16, 2009 23:37:33
Records in database: 2186558
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\Compaq_Owner.YOUR-45C550F850\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 72054
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:33:12

No malware has been detected. The scan area is clean.

The selected area was scanned.

3.Fresh HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:24 AM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://b3ta.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6738 bytes

Edited by Kittenofdoom, 17 May 2009 - 06:32 AM.
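As an added example (not code from the thread or from the HijackThis project), a small parser for the HijackThis log layout posted above: it pulls the name, CLSID and image path out of O2/O23 entries and lists O4 Run values that are not given as a drive-rooted path, since those are resolved through the search path at logon and a reviewer should confirm which file actually runs. The sample input is constructed from six lines of the log above; the regexes assume the line shapes shown there.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 Run/RunOnce values: "HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(r"^HK\S*?\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    kind: str             # HijackThis section code: R0, R1, O2, O4, O23 ...
    name: str             # BHO name, Run value name, service name, ...
    clsid: Optional[str]  # CLSID for O2/O3/O9 entries, else None
    path: Optional[str]   # image path exactly as HijackThis printed it
    raw: str


def image_path(cmd: str) -> str:
    """Executable part of a Run value: the quoted string if the command
    starts with a quote, otherwise the first whitespace-separated token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def parse_hjt(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank lines
        kind, body = m.group("kind"), m.group("body")
        m4 = O4_RE.match(body) if kind == "O4" else None
        if m4:
            entries.append(Entry(kind, m4.group("name"), None, image_path(m4.group("cmd")), line))
            continue
        parts = body.split(" - ")               # "Label: Name - {CLSID} - path"
        name = parts[0].split(": ", 1)[-1]
        clsid = CLSID_RE.search(body)
        path = parts[-1].strip() if len(parts) > 1 else None
        entries.append(Entry(kind, name, clsid.group(0) if clsid else None, path, line))
    return entries


def unqualified_autoruns(entries: List[Entry]) -> List[str]:
    """Run value names whose image is not a drive-rooted path (resolved via search path)."""
    return [e.name for e in entries
            if e.kind == "O4" and e.path is not None and not DRIVE_RE.match(e.path)]


def count_by_kind(entries: List[Entry]) -> Dict[str, int]:
    return dict(Counter(e.kind for e in entries))


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(count_by_kind(parsed))
    print("Run values without a full path:", unqualified_autoruns(parsed))
```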


#15 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 17 May 2009 - 06:50 AM

Hi Kittenofdoom,



The logs look good. You are all clean now. :thumbup2: If you have no remaining issues on your pc, then let's do some tidy up.

Step1

Click START then RUN
Now copy/paste Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.


This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Step2
  • Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:

    Please refer to this thread to configure Internet Explorer 8 properly.

  • Update your Adobe Acrobat Reader

    Old versions may have vulnerabilities that malware can use to infect your system. Please download Adobe Reader 9 to your desktop.
    Uninstall the old Adobe Reader from Start > Control Panel > Add/Remove Programs. Install the new one.

  • Install a-squared Free - a-squared Free is a product from Emsi Software, provided free for private use, that can detect and remove a variety of malicious software. If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer, which provides some real time protection against premium rate dialers.

    A tutorial on installing & using this product can be found here:

    Clean your PC with a-squared Free

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.


Glad to be of help. Safe surfing!!



