Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Virus


  • This topic is locked This topic is locked
6 replies to this topic

#1 Pudlian

Pudlian

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 28 April 2009 - 07:46 PM

Hello,

I seem to have been attacked by a very nasty virus. I ran Ad-Aware, Spybot and Malwarebytes, but neither could fix any problems.

I visited the "Conficker eye chart" at http://www.confickerworkinggroup.org/infec...cfeyechart.html and it showed that I may be infected with the A or B variant of the virus.

Furthermore, everytime I run HJT, a "Path/File access error" occers, so I'm not sure if this logfile will be complete.

Thank you so much in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:06 PM, on 28/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program Files\ThunMail\testabd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.infinit.com/
O2 - BHO: (no name) - {b2ba40a2-74f0-42bd-f434-12345a2c8953} - (no file)
O4 - HKLM\..\Run: [15938] C:\eftkguwn.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\HP_Owner\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [tezrtsjhfr84iusjfo84f] C:\WINDOWS\TEMP\csrssc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\op86q.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\op86q.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2919844234.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Mike\reader_s.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [A00F2A1DF0C.exe] C:\WINDOWS\TEMP\_A00F2A1DF0C.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.infinit.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdash...tg.1.0.0.33.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave.com/content/weddingda...sh.1.0.0.47.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\merilaro.dll c:\windows\system32\zabinose.dll,c:\progra~1\ThunMail\testabd.dll,
O20 - Winlogon Notify: __c00746ab - C:\WINDOWS\system32\__c00746AB.dat
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zabinose.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zabinose.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (antivirservice) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: sopidkc Service (sopidkc) - 65.543.235.12 - C:\WINDOWS\system32\sopidkc.exe

--
End of file - 8936 bytes

Error Details:

An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #75 - Path/File access error

Windows version: Windows NT 5.01.2600
MSIE version: 7.0.5730.11
HijackThis version: 2.0.2

BC AdBot (Login to Remove)

 


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 PM

Posted 28 April 2009 - 10:30 PM

Hello, Pudlian.
My name is aommaster and I will be helping you with your log.


If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Also, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • RSIT Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 Pudlian

Pudlian
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 28 April 2009 - 11:20 PM

Thanks so much for your help.
Just one thing, when RSIT ran HJT, the same error occurred. Is that significant at all?
Regardless, here are the logs you requested:

LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Owner at 2009-04-29 00:17:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (18%) free of 71 GB
Total RAM: 447 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:24 AM, on 29/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\tpsaxyd.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe
C:\WINDOWS\system32\dncyool64.sys

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.infinit.com/
O2 - BHO: (no name) - {b2ba40a2-74f0-42bd-f434-12345a2c8953} - (no file)
O4 - HKLM\..\Run: [15938] C:\eftkguwn.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\HP_Owner\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [tezrtsjhfr84iusjfo84f] C:\WINDOWS\TEMP\csrssc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\op86q.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\op86q.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2919844234.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Mike\reader_s.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [A00F2A1DF0C.exe] C:\WINDOWS\TEMP\_A00F2A1DF0C.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.infinit.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave.com/content/dinerdash...tg.1.0.0.33.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave.com/content/weddingda...sh.1.0.0.47.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\merilaro.dll c:\windows\system32\zabinose.dll,c:\progra~1\ThunMail\testabd.dll,
O20 - Winlogon Notify: __c00746ab - C:\WINDOWS\system32\__c00746AB.dat
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zabinose.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zabinose.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (antivirservice) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service (lavasoft ad-aware service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: sopidkc Service (sopidkc) - 65.543.235.12 - C:\WINDOWS\system32\sopidkc.exe

--
End of file - 9210 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba40a2-74f0-42bd-f434-12345a2c8953}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"15938"=C:\eftkguwn.exe [2009-04-28 44544]
"autochk"=C:\WINDOWS\system32\autochk.dll [2009-04-29 24064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"autochk"=C:\DOCUME~1\HP_Owner\protect.dll [2009-04-28 24064]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 35840]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2007-06-21 1339392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10047]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10421]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\10474]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1108]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1169]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\11690]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\11984]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\11999]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12178]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12246]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12376]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12383]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12605]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12646]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\13005]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\13733]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1378]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\13801]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14064]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14117]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14327]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14335]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14784]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\14971]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\15047]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\15245]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\15851]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\16000]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\16107]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1657]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\16746]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\16994]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17022]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17067]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17090]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17105]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17227]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\17414]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\18053]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\18172]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\18354]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1920]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2011]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20627]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20652]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20854]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\20996]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\21072]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\21358]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\21370]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\21438]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\21651]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2198]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22070]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\22730]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2476]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\24864]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\25096]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\25230]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\25572]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\25607]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\25908]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\26388]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\26540]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2655]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\27321]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\27912]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28130]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2827]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28388]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28469]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28514]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\29070]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\29288]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\29303]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\29437]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2994]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30122]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30203]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30241]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30789]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\30827]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\31060]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\31323]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\31338]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\31464]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\31654]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\31947]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\31960]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3204]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\32622]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3451]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3619]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3999]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4008]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4263]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5292]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5315]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5426]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\5623]
C:\eftkguwn.exe [2009-04-28 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 134144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 50176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSMQSVC"=2

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
ChkDisk.dll
ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\merilaro.dll c:\windows\system32\zabinose.dll,c:\progra~1\ThunMail\testabd.dll,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-03 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00746ab]
C:\WINDOWS\system32\__c00746AB.dat [2009-04-28 27648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zabinose.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zabinose.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\merilaro.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lavasoft ad-aware service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lavasoft ad-aware service]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"BackupNoCDBurning"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars™: Empire at War™"
"C:\Program Files\limewire2\LimeWire\LimeWire.exe"="C:\Program Files\limewire2\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-11-07 20:44:24 ----D---- C:\Program Files\K-Meleon
2009-04-29 00:17:08 ----D---- C:\rsit
2009-04-28 23:49:51 ----A---- C:\WINDOWS\system32\lmppcsetup.exe
2009-04-28 23:21:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-28 22:43:00 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-28 22:42:54 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-28 22:42:54 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-04-28 22:42:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-28 22:02:56 ----D---- C:\Documents and Settings\HP_Owner\Application Data\uTorrent
2009-04-28 21:53:25 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Simply Super Software
2009-04-28 18:52:08 ----ASH---- C:\WINDOWS\system32\autochk.dll
2009-04-28 18:46:51 ----D---- C:\KAV
2009-04-28 18:46:34 ----D---- C:\Documents and Settings\HP_Owner\Application Data\WinRAR
2009-04-28 10:02:35 ----A---- C:\WINDOWS\system32\winglsetup.exe
2009-04-27 22:25:27 ----D---- C:\Program Files\7-Zip
2009-04-27 21:48:44 ----A---- C:\WINDOWS\system32\D.tmp
2009-04-27 21:48:26 ----A---- C:\WINDOWS\system32\B.tmp
2009-04-27 21:48:24 ----A---- C:\WINDOWS\system32\7.tmp
2009-04-27 19:46:01 ----A---- C:\WINDOWS\system32\A.tmp
2009-04-27 19:45:37 ----A---- C:\WINDOWS\system32\6.tmp
2009-04-27 19:45:12 ----A---- C:\WINDOWS\system32\5.tmp
2009-04-27 19:42:19 ----A---- C:\WINDOWS\system32\loader49.exe
2009-04-27 10:06:25 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-04-27 09:51:03 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-27 09:50:44 ----D---- C:\Program Files\Lavasoft
2009-04-27 09:50:44 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-27 09:25:48 ----D---- C:\Program Files\Trend Micro
2009-04-27 08:28:25 ----A---- C:\lsass.exe
2009-04-27 08:00:04 ----A---- C:\WINDOWS\system32\yhs783ijfo3fe.dll
2009-04-27 08:00:03 ----A---- C:\WINDOWS\system32\ak1.exe
2009-04-27 07:45:11 ----A---- C:\WINDOWS\system32\ntdll64.exe
2009-04-27 07:45:04 ----A---- C:\WINDOWS\system32\frmwrk32.exe
2009-04-27 07:45:02 ----A---- C:\WINDOWS\system32\loader266.exe
2009-04-27 07:44:00 ----A---- C:\WINDOWS\system32\ftp_non_crp.exe
2009-04-26 19:40:16 ----A---- C:\WINDOWS\system32\9.tmp
2009-04-26 19:30:07 ----A---- C:\WINDOWS\system32\3.tmp
2009-04-26 19:04:45 ----A---- C:\WINDOWS\system32\8.tmp
2009-04-26 19:04:36 ----A---- C:\WINDOWS\system32\4.tmp
2009-04-26 17:17:58 ----A---- C:\WINDOWS\system32\dsfsjhfjidfdsf.dll
2009-04-26 17:16:51 ----D---- C:\WINDOWS\system32\3361
2009-04-26 17:16:44 ----D---- C:\WINDOWS\dhcp
2009-04-26 17:16:28 ----RSHD---- C:\Program Files\ThunMail
2009-04-26 17:16:08 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-04-26 17:15:24 ----A---- C:\pdtivk.exe
2009-04-26 17:14:51 ----A---- C:\WINDOWS\system32\sjg9s8guigjs.dll
2009-04-26 17:14:50 ----A---- C:\eftkguwn.exe
2009-04-26 17:09:28 ----A---- C:\WINDOWS\system32\prnet.tmp
2009-04-16 09:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 09:26:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 09:23:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 09:23:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 09:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 09:21:20 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 07:45:38 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-04 21:53:02 ----A---- C:\WINDOWS\UniFish3.exe
2009-04-04 21:52:48 ----D---- C:\Program Files\Hasbro Interactive

======List of files/folders modified in the last 1 months======

2009-04-29 00:17:14 ----D---- C:\WINDOWS\system32
2009-04-29 00:05:39 ----D---- C:\WINDOWS\Temp
2009-04-28 23:55:20 ----D---- C:\Program Files\Mozilla Firefox
2009-04-28 23:31:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-28 23:21:29 ----D---- C:\WINDOWS
2009-04-28 23:20:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-28 23:13:29 ----D---- C:\WINDOWS\Minidump
2009-04-28 22:58:28 ----D---- C:\WINDOWS\Prefetch
2009-04-28 22:42:57 ----SHD---- C:\WINDOWS\Installer
2009-04-28 22:42:57 ----HD---- C:\Config.Msi
2009-04-28 22:42:54 ----D---- C:\Program Files
2009-04-28 22:42:31 ----D---- C:\Program Files\Common Files
2009-04-28 21:54:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-28 18:48:29 ----D---- C:\WINDOWS\system32\drivers
2009-04-28 18:48:29 ----D---- C:\Program Files\Symantec
2009-04-28 18:48:21 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-04-27 19:11:37 ----RASH---- C:\boot.ini
2009-04-27 19:11:37 ----N---- C:\WINDOWS\WIN.INI
2009-04-27 19:11:37 ----A---- C:\WINDOWS\system.ini
2009-04-27 10:05:22 ----H---- C:\WINDOWS\system32\ntoskrnl.exe
2009-04-27 09:52:49 ----HD---- C:\WINDOWS\inf
2009-04-27 09:52:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-27 09:52:06 ----SD---- C:\WINDOWS\Tasks
2009-04-27 09:50:37 ----D---- C:\WINDOWS\WinSxS
2009-04-27 07:45:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-26 17:17:17 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-26 17:17:02 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-26 17:16:11 ----D---- C:\WINDOWS\system32\wbem
2009-04-26 17:14:54 ----A---- C:\WINDOWS\system32\svchost.exe
2009-04-26 17:14:48 ----ASH---- C:\WINDOWS\system32\gunoruwe.dll
2009-04-23 20:21:34 ----D---- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-04-22 08:33:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-21 15:47:00 ----D---- C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2009-04-19 16:17:14 ----D---- C:\WINDOWS\network diagnostic
2009-04-18 13:02:28 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-16 15:26:13 ----D---- C:\WINDOWS\AppPatch
2009-04-16 09:26:37 ----A---- C:\WINDOWS\imsins.BAK
2009-04-16 09:26:15 ----D---- C:\WINDOWS\system32\en-US
2009-04-16 09:26:15 ----D---- C:\Program Files\Internet Explorer
2009-04-16 09:23:21 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-02-12 31360]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-02-12 33792]
R1 sasdifsv;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 saskutil;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-07-17 12160]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-03-26 5504]
R2 MaVctrl;MaVctrl; C:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2007-01-16 11986]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-09-19 47360]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 sasenum;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-12-07 172672]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-02-12 112384]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 aswy2fq8;aswy2fq8; C:\WINDOWS\system32\drivers\aswy2fq8.sys []
S3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-03 730653]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 MotDev;Motorola Inc. USB Device; C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-10-03 16128]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-07-19 218112]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 antivirscheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2006-04-05 54824]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 131072]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-09 238968]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-02-12 944640]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 81920]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe [2008-01-29 583048]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2009-04-26 34816]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-10-30 66872]
R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2004-08-04 193024]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-04-26 34816]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 lavasoft ad-aware service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 antivirservice;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2006-04-07 211496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 288256]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 94208]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-15 504104]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-08-04 3220856]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 794624]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 282624]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-19 86016]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 286720]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 933888]

-----------------EOF-----------------


INFO

info.txt logfile of random's system information tool 1.06 2009-04-29 00:17:28

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Spyware Guard 2008\uninstall.exe
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advertisement Service-->C:\WINDOWS\system32\prnet.tmp Uninstall
Agere Systems PCI Soft Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcExplorer--Java Edition for Education-->"C:\ESRI\AEJEE\Uninstall_ArcExplorer--Java Edition for Education\Uninstall ArcExplorer--Java Edition for Education.exe"
ArcGIS Explorer-->MsiExec.exe /I{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}
ArcSoft PhotoImpression 3.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\PhotoImpression\Uninst.isu"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audacity 1.3.6 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir PersonalEdition Classic-->C:\Program Files\AntiVir PersonalEdition Classic\setup.exe /REMOVE
Condition Zero-->"C:\PROGRA~1\Valve\Steam\steam.exe" steam://uninstall/80
ConvertXtoDVD 2.2.3.258-->"C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Copy Utility-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Copy Utility\Uninst.isu"
Counter-Strike-->"C:\PROGRA~1\Valve\Steam\steam.exe" steam://uninstall/10
Creative PlayCenter-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\CTSND\PlayCenter\Player.isu"
Creative Recorder-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\CTSND\PlayCenter\Recorder.isu"
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Day of Defeat-->"C:\PROGRA~1\Valve\Steam\steam.exe" steam://uninstall/30
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EPSON Photo Print-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EPSON\Photo Print\Uninst.isu"
EPSON Smart Panel-->C:\Program Files\EPSON\Smart Panel\SPUninst.exe
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" UNINSTALL
Flash&Backup-->C:\Documents and Settings\Chrissii\My Documents\Flash&Backup 3\uninstall.exe
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone Plus 4.2-->C:\Program Files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{9D404F8F-05A1-4734-9550-6EC2FEE916B8}\setup\hpzscr01.exe -datfile hphscr10.dat -showdisconnect -forcereboot
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
K-Meleon 1.5.1 en-US (remove only)-->C:\Program Files\K-Meleon\uninstall.exe
Lame ACM MP3 Codec-->"C:\WINDOWS\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFU15.inf
Lemmings-->"C:\Program Files\Lemmings\unins000.exe"
LimeWire 4.18.8-->"C:\Program Files\limewire2\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Lux Delux 5.72-->"C:\Program Files\Lux Delux\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Motorola W385 USB - Handset Manager V9.5-->MsiExec.exe /I{A918DE8A-98C8-0950-0000-000000380093}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (3.0b2)-->C:\Program Files\Mozilla Firefox 3 Beta 2\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Music Rescue 3.1.2-->"C:\Program Files\Music Rescue\unins000.exe"
Musicnotes Player V1.23.1-->"C:\Program Files\Musicnotes\Player\unins000.exe"
Nero 7 Essentials-->MsiExec.exe /X{874AF83E-1BF6-4F2B-9086-BF62BDAE1033}
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NVIDIA GART Driver-->C:\WINDOWS\system32\nvugart.exe Uninstall C:\WINDOWS\system32\nvgart.nvu,NVIDIA GART Driver
Paint.NET v3.35-->MsiExec.exe /X{20AC583C-A6FB-410A-807D-25308225C201}
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Pixia-->C:\Program Files\InstallShield Installation Information\{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}\setup.exe -runfromtemp -l0x0009 -removeonly
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rio Taxi-->MsiExec.exe /X{434C733C-27FA-423E-8CDC-F72B55631BA5}
Roll-->C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Samsung Media Studio-->C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe -runfromtemp -l0x0009 -removeonly
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\Setup.exe" ADDREMOVEDLG
Security Advisor-->MsiExec.exe /I{AB4862FB-0396-4E75-A523-850577EBFC73}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sibelius Scorch Plugin-->"C:\Program Files\Musicnotes\uninstsc.exe"
SimCity 2000® Special Edition-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimCity 2000\DeIsL1.isu"
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sony Ericsson DRM Packager 1.35-->C:\Program Files\Sony Ericsson\DRM Packager\Uninstall.exe
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
SopCast 1.1.2-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy 1.3-->"C:\dvdshow\Spybot - Search & Destroy\unins000.exe"
Star Wars Empire at War-->C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe -runfromtemp -l0x0009 -removeonly
Steam™-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
The Sims Livin' Large-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2727FBEF-3155-11D4-8F73-0050DA0F6297}\setup.exe"
TVUPlayer 2.3.5.3-->C:\Program Files\TVUPlayer\uninst.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
Vidéotron Service Agent 1.5.20-->"C:\Program Files\Vidéotron\Vidéotron Service Agent\unins000.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

=====HijackThis Backups=====

O23 - Service: AntiVir PersonalEdition Classic Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2009-04-27]
O23 - Service: AntiVir PersonalEdition Classic Guard (antivirservice) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2009-04-27]

Hosts File Missing
======Security center information======

AV: Avira AntiVir PersonalEdition Classic (disabled) (outdated)
FW: Norton AntiVirus

======System event log======

Computer Name: XP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00112F69FF53. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14332
Source Name: Dhcp
Time Written: 20090425190257.000000-240
Event Type: warning
User:

Computer Name: XP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 14271
Source Name: Tcpip
Time Written: 20090425145715.000000-240
Event Type: warning
User:

Computer Name: XP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 14217
Source Name: Tcpip
Time Written: 20090423203609.000000-240
Event Type: warning
User:

Computer Name: XP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 14129
Source Name: Tcpip
Time Written: 20090421221452.000000-240
Event Type: warning
User:

Computer Name: XP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 13966
Source Name: Tcpip
Time Written: 20090420100542.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: XP
Event Code: 1002
Message: Hanging application RecordNow.exe, version 7.2.7.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9743
Source Name: Application Hang
Time Written: 20090323203244.000000-240
Event Type: error
User:

Computer Name: XP
Event Code: 1002
Message: Hanging application RecordNow.exe, version 7.2.7.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9742
Source Name: Application Hang
Time Written: 20090323203154.000000-240
Event Type: error
User:

Computer Name: XP
Event Code: 1002
Message: Hanging application RecordNow.exe, version 7.2.7.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9741
Source Name: Application Hang
Time Written: 20090323202900.000000-240
Event Type: error
User:

Computer Name: XP
Event Code: 1517
Message: Windows saved user XP\Chrissii registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 9699
Source Name: Userenv
Time Written: 20090322223818.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: XP
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 9694
Source Name: usnjsvc
Time Written: 20090322220731.000000-240
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEFAULT_CA_NR"=CA6
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------


Thanks again

#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 PM

Posted 29 April 2009 - 06:09 PM

Hello, Pudlian.
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.




Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 Pudlian

Pudlian
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 29 April 2009 - 09:47 PM

When attempting to run ComboFix, I recieved this error:

---------------------------
Error
---------------------------
!! ALERT !! It is NOT SAFE to continue!



The contents of the ComboFix package has been compromised.

Please download a fresh copy from:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus (Virut)



I reinstalled Combofix again and the same error occured.

Also, I was planning on reformatting my computer after this whole virus ordeal. However, I was wondering if I would be able to use a portable hard drive to copy some documents, pictures, ect. Would the drive become infected as well?

Thanks as always

#6 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:01:34 PM

Posted 30 April 2009 - 12:27 PM

Hi Pudlian
Glad to be of help :thumbup2:

First of all, with regards to your combofix run:
It is highly possible that you are infected with a virut infection. This is what I normally say to those that are infected:


Your System is infected with Virut!!
Virut is a file infecting virus which is able to modify itself each and every time it runs. In addition, when it infects, sometimes it will destroy the file it tries to latch onto.
For these reasons, you really can't truly fix Virut. You will need to format/reinstall the operating system on this machine.

More information:
http://free.avg.com/66558

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus.


http://home.mcafee.com/VirusInfo/VirusProf...aspx?key=143034

W32/Virut.h is a polymorphic, entry point obscuring (EPO) file infector with IRC bot functionality. It can accept commands to download other malware on the compromised machine.
It appends to the end of the last section of executable (PE) files an encrypted copy of its code. The decryptor is polymorphic and can be located either:
Immediately before the encrypted code at the end of the last section
At the end of the code section of the infected host in 'slack-space' (assuming there is any)
At the original entry point of the host (overwriting the original host code)


Miekiemoes, one of our team members here and an MS-MVP, additionally has a blog post about Virut.


In essence, if you are infected with a virut, you have no other option but to format your computer.

Now, with regards to your question about backing up your files:
It really depends on the file types that you are trying to copy across. Please note that ALL file types can be infected with virusses, however, some files (such as exe and scr files) are infected easier. In response to your question, I would say document files that do not have macros enabled, pictures should be fine.

Remember, files like .exe and .scr are prone to infections faster than files such as .doc, .jpg, etc. so be careful about what type of file you're trying to back up. If you are not sure about the type, or whether or not the file could be safe, let me know.

One more thing I'd like to add is the method you use to backup the files. My coach suggets you burn a linux cd and then connect your portable drive and do it in a live environment.
He provided me with a link, which can be found below:
http://www.howtogeek.com/howto/windows-vis...ndows-computer/


Let me know if you have any more questions :)

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:34 AM

Posted 05 May 2009 - 06:15 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :thumbup2:

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users