
Search engine is redirected and MSN Live Messenger automatically signs out after sign in


  • This topic is locked
22 replies to this topic

#1 scobeck24

scobeck24

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 08 July 2009 - 08:32 PM

Hello. I have been having problems with my google searches being redirected to random websites and my MSN Live Messenger won't stay signed in. I've also noticed a lot of blue screen memory dumps lately. Any help would be greatly appreciated.



DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 20:20:57.54 on Wed 07/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1530 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2008 Deluxe\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - hpWebHelper Class
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\hp_administrator\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{747a6a10-da58-48c2-a1f0-c15514419c8a}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} - hxxp://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/wiaaut.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227762611171
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-12 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-12 298776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2009-6-29 36480]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-9-9 82048]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2009-6-29 20480]
S2 C8465F4A064C7874;C8465F4A064C7874;\??\c:\docume~1\hp_adm~1\locals~1\temp\c8465f4a064c7874\c8465f4a064c7874 --> c:\docume~1\hp_adm~1\locals~1\temp\c8465f4a064c7874\C8465F4A064C7874 [?]
S2 gupdate1c99a9f98ae086;Google Update Service (gupdate1c99a9f98ae086);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2009-5-6 141056]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2009-4-26 72576]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-9-9 468768]

=============== Created Last 30 ================

2009-07-06 10:56 <DIR> --d----- c:\program files\Unity
2009-06-22 20:19 <DIR> --d----- c:\program files\common files\CyberLink

==================== Find3M ====================

2007-01-25 08:24 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 20:22:41.06 ===============

Attached Files




#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:12 AM

Posted 17 July 2009 - 05:52 PM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 scobeck24

scobeck24
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 17 July 2009 - 07:31 PM

DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 19:24:07.45 on Fri 07/17/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1225 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Creative Home\Hallmark Card Studio 2008 Deluxe\Planner\PLNRnote.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - hpWebHelper Class
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\hp_administrator\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{747a6a10-da58-48c2-a1f0-c15514419c8a}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} - hxxp://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/wiaaut.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227762611171
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-12 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-12 298776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2009-6-29 36480]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-9-9 82048]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2009-6-29 20480]
S2 C8465F4A064C7874;C8465F4A064C7874;\??\c:\docume~1\hp_adm~1\locals~1\temp\c8465f4a064c7874\c8465f4a064c7874 --> c:\docume~1\hp_adm~1\locals~1\temp\c8465f4a064c7874\C8465F4A064C7874 [?]
S2 gupdate1c99a9f98ae086;Google Update Service (gupdate1c99a9f98ae086);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2009-5-6 141056]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2009-4-26 72576]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-9-9 468768]

=============== Created Last 30 ================

2009-07-15 22:25 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\HSA
2009-07-15 21:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-07-15 21:25 <DIR> --d----- c:\program files\RealArcade
2009-07-12 11:22 <DIR> --d----- c:\program files\Atari
2009-07-09 12:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SimCity Societies
2009-07-06 10:56 <DIR> --d----- c:\program files\Unity
2009-06-22 20:19 <DIR> --d----- c:\program files\common files\CyberLink

==================== Find3M ====================

2007-01-25 08:24 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 19:25:50.50 ===============

Attached Files
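To triage a DDS "SERVICES / DRIVERS" listing like the one in the log above, here is an added Python example (my own code, not part of this thread, of DDS or of ComboFix) that parses those lines and flags the entries a malware-response helper would look at first: a random-looking hex service name with no descriptive display name, a binary living under the user's temp directory, and a `[?]` tail where DDS could not read the file's date and size. The five sample lines are copied from the log posted above; the heuristics and thresholds are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: service/driver lines in the format DDS prints under
# "SERVICES / DRIVERS". These five lines are copied from the log in this thread.
SAMPLE_LINES = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 327688]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-12 298776]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2009-6-29 20480]
S2 C8465F4A064C7874;C8465F4A064C7874;\??\c:\docume~1\hp_adm~1\locals~1\temp\c8465f4a064c7874\c8465f4a064c7874 --> c:\docume~1\hp_adm~1\locals~1\temp\c8465f4a064c7874\C8465F4A064C7874 [?]
S2 gupdate1c99a9f98ae086;Google Update Service (gupdate1c99a9f98ae086);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
"""

# Line shape: "<R|S><n> name;display;path [date size]". The bracket at the end
# holds a file date and size, or "?" when DDS could not stat the file.
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")
# Assumed heuristic: 12+ hex digits and nothing else looks machine-generated.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    size: Optional[int]
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; return None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # A "-->" arrow means DDS resolved the registry ImagePath to an on-disk
    # path; keep the resolved (right-hand) side for the checks below.
    rest = rest.split("-->")[-1].strip()
    t = TAIL_RE.match(rest)
    if t:
        path, info = t.group("path"), t.group("info").strip()
    else:
        path, info = rest, "?"
    size = None
    parts = info.split()
    if len(parts) == 2 and parts[1].isdigit():
        size = int(parts[1])
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"), path.lower(), size)


def triage_entry(e: ServiceEntry) -> ServiceEntry:
    """Attach human-readable reasons for each heuristic the entry trips."""
    if HEX_NAME_RE.match(e.name) and e.name.lower() == e.display.lower():
        e.reasons.append("random-looking hex service name with no descriptive display name")
    if "\\temp\\" in e.path:
        e.reasons.append("binary lives under a temp directory")
    if e.size is None:
        e.reasons.append("DDS could not read file date/size ([?]): file missing or hidden")
    return e


def triage(text: str) -> List[ServiceEntry]:
    """Return only the entries that tripped at least one heuristic."""
    flagged = []
    for line in text.splitlines():
        e = parse_service_line(line)
        if e and triage_entry(e).reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.state} {e.name}: {e.path}")
        for r in e.reasons:
            print("   -", r)
```

On the sample above only the `S2 C8465F4A064C7874` service is flagged, on all three counts; the AVG, WinpkFilter and Google Update entries pass. A hit is a starting point for the helper, not a verdict: a legitimate installer can also leave a service pointing at a temp directory, so the flagged path still needs to be checked against the rest of the log.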



#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:01:12 PM

Posted 19 July 2009 - 07:38 AM

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New DDS log (both dds.txt and attach.txt).


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 scobeck24

scobeck24
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:12 AM

Posted 19 July 2009 - 10:28 AM

Combofix reported finding rootkits and listed these files:
C:\Windows\System32\drivers\hjguicsmhnips.sys
C:\Windows\System32\hjgruihpnfgmwt.dll
C:\Windows\System32\hjgruipxdfbmda.dat
C:\Windows\System32\hjgruikhoemqku.dll
C:\Windows\System32\hjgruioswycxry.dat

Here is the log.

ComboFix 09-07-19.01 - HP_Administrator 07/19/2009 10:13.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1483 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-19 01:28 . 2004-05-14 21:53 462848 ----a-w- c:\windows\system32\ltkrn13n.dll
2009-07-19 01:28 . 2004-05-14 21:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2009-07-19 01:28 . 2004-05-14 21:53 299008 ----a-w- c:\windows\system32\ltdis13n.dll
2009-07-19 01:28 . 2004-05-14 21:53 163840 ----a-w- c:\windows\system32\ltfil13n.dll
2009-07-19 01:28 . 2004-05-14 21:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-07-19 01:28 . 2004-05-14 21:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll
2009-07-19 01:28 . 2004-01-12 07:09 206336 ----a-w- c:\windows\system32\ltefx13n.dll
2009-07-19 01:28 . 2003-11-04 20:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-07-18 14:51 . 2009-06-30 14:12 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-18 14:51 . 2009-06-30 14:12 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-18 14:51 . 2009-06-30 14:12 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-18 14:51 . 2009-06-30 14:12 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-18 14:51 . 2009-06-30 14:12 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-18 14:51 . 2009-06-30 14:12 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-18 14:51 . 2009-06-30 14:12 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-18 14:51 . 2009-06-30 14:11 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-18 14:51 . 2009-06-30 14:11 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-18 14:51 . 2009-06-30 14:11 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-18 14:50 . 2009-06-30 14:11 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-18 14:50 . 2009-06-30 14:11 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-16 03:25 . 2009-07-16 03:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HSA
2009-07-16 02:28 . 2009-07-16 02:28 4096 ----a-w- c:\windows\d3dx.dat
2009-07-16 02:27 . 2009-07-16 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-07-16 02:26 . 2009-07-16 03:30 -------- d-----w- C:\GameHouse Games
2009-07-16 02:25 . 2009-07-16 03:30 -------- d-----w- c:\program files\RealArcade
2009-07-13 20:08 . 2009-07-13 20:08 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2009-07-12 16:45 . 2009-07-12 16:45 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GHOSTBUSTERS ™
2009-07-12 16:22 . 2009-07-12 16:22 -------- d-----w- c:\program files\Atari
2009-07-09 17:33 . 2009-07-09 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SimCity Societies
2009-07-07 02:30 . 2009-07-07 02:30 -------- d-----w- c:\windows\Performance
2009-07-07 02:29 . 2009-07-07 02:29 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Microsoft Corporation
2009-07-06 15:56 . 2009-07-06 15:56 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Unity
2009-07-06 15:56 . 2009-07-06 15:56 -------- d-----w- c:\program files\Unity
2009-06-30 14:42 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-30 14:42 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-29 17:43 . 2009-06-29 17:43 36480 ----a-w- c:\windows\system32\drivers\srenum.sys
2009-06-29 17:42 . 2009-06-29 17:42 20480 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2009-06-29 13:37 . 2009-06-29 13:37 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-28 05:15 . 2009-06-28 05:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-25 13:13 . 2009-06-25 13:14 1140 ----a-w- C:\drmHeader.bin
2009-06-23 01:26 . 2009-06-23 01:26 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PowerCinema
2009-06-23 01:21 . 2009-06-23 01:26 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Cyberlink
2009-06-23 01:20 . 2009-06-23 01:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\CyberLink
2009-06-23 01:19 . 2009-06-23 01:19 -------- d-----w- c:\program files\Common Files\CyberLink
2009-06-23 01:19 . 2009-06-23 01:33 -------- d-----w- c:\program files\CyberLink
2009-06-23 01:18 . 2009-06-23 01:18 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-23 01:18 . 2009-06-23 01:32 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-06-23 01:18 . 2009-06-23 01:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 13:40 . 2008-11-27 14:17 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-07-18 18:37 . 2009-03-01 18:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-18 14:51 . 2009-04-12 14:45 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-15 18:12 . 2008-11-27 16:01 138064 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-15 18:12 . 2008-11-27 16:01 189184 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-13 20:08 . 2008-12-30 00:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 16:34 . 2006-09-09 17:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 18:50 . 2006-09-09 17:38 -------- d-----w- c:\program files\HP Games
2009-07-11 18:48 . 2006-09-09 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-07-08 22:37 . 2008-12-07 06:59 -------- d-----w- c:\program files\Coupons
2009-07-06 04:10 . 2009-03-28 03:39 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-30 14:12 . 2009-04-12 14:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-30 14:12 . 2009-04-12 14:44 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-28 22:06 . 2009-03-08 15:18 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-23 01:21 . 2006-09-09 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-06-17 16:27 . 2009-03-08 15:18 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 16:27 . 2009-03-08 15:18 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 14:36 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-14 22:04 . 2008-12-08 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-06-10 14:41 . 2006-09-09 17:11 -------- d-----w- c:\program files\Java
2009-06-10 14:41 . 2009-06-10 14:41 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 04:59 . 2009-03-01 18:52 -------- d-----w- c:\program files\Google
2009-06-08 17:59 . 2006-09-09 17:41 122984 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 17:44 . 2006-09-09 17:46 -------- d-----w- c:\program files\Quicken
2009-06-07 17:43 . 2009-06-07 17:43 2904064 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
2009-06-07 17:43 . 2009-05-16 04:15 242976 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-06-07 14:26 . 2006-09-09 17:46 -------- d-----w- c:\program files\DivX
2009-06-07 14:26 . 2009-05-28 15:45 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-07 03:20 . 2009-06-07 03:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
2009-06-03 19:09 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 20:30 . 2009-05-28 20:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
2009-05-28 15:09 . 2008-12-09 14:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Move Networks
2009-05-26 21:51 . 2009-05-26 21:51 -------- d-----w- c:\program files\Xvid
2009-05-26 21:41 . 2009-05-26 21:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Media Player Classic
2009-05-26 17:07 . 2009-05-26 17:06 90112 ----a-w- c:\windows\system32\videoul.tmp
2009-05-25 19:18 . 2009-05-25 19:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Xilisoft Corporation
2009-05-21 16:33 . 2008-12-10 16:57 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 16:03 . 2009-05-19 16:03 0 ----a-w- c:\windows\nsreg.dat
2009-05-19 13:06 . 2009-04-12 14:45 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-16 04:15 . 2009-05-16 04:15 3616768 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll
2009-05-16 04:15 . 2009-05-16 04:15 1536000 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll
2009-05-16 04:15 . 2009-05-16 04:15 1007616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181129-181212.dll
2009-05-16 04:15 . 2009-05-16 04:15 811008 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181212-181311.dll
2009-05-16 04:14 . 2009-05-16 04:14 997 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2009-05-16 04:14 . 2009-05-16 04:14 223584 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2009-05-13 05:15 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 04:00 345600 ------w- c:\windows\system32\localspl.dll
2009-05-04 03:59 . 2009-05-04 03:59 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-04 03:56 . 2009-05-04 03:55 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-04 03:45 . 2009-05-04 03:45 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2009-05-04 03:45 . 2009-05-04 03:45 17212 ----a-w- c:\windows\system32\SIntf32.dll
2009-05-04 03:45 . 2009-05-04 03:45 12067 ----a-w- c:\windows\system32\SIntf16.dll
2009-05-04 02:45 . 2009-05-04 02:45 34062 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-04 02:45 . 2009-05-04 02:45 1047072 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-01-25 13:24 . 2008-11-27 05:32 32 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_14.43.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-19 15:11 . 2009-07-19 15:11 16384 c:\windows\Temp\Perflib_Perfdata_9c4.dat
+ 2009-07-13 20:09 . 2009-03-16 19:18 69448 c:\windows\system32\XAPOFX1_3.dll
+ 2009-07-13 20:09 . 2008-10-27 15:04 70992 c:\windows\system32\XAPOFX1_2.dll
+ 2009-07-13 20:09 . 2008-07-30 11:20 68616 c:\windows\system32\XAPOFX1_1.dll
+ 2009-07-13 20:09 . 2009-03-16 19:18 22360 c:\windows\system32\X3DAudio1_6.dll
+ 2009-07-13 20:09 . 2008-10-27 15:04 23376 c:\windows\system32\X3DAudio1_5.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
- 2005-08-30 20:51 . 2009-06-30 14:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 20:51 . 2009-07-16 19:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-30 20:51 . 2009-07-16 19:50 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-30 20:51 . 2009-06-30 14:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-06 03:15 . 2009-07-06 03:15 22528 c:\windows\Installer\99cd6.msi
+ 2009-07-15 17:07 . 2009-07-15 17:07 84480 c:\windows\Installer\8fd28.msi
+ 2008-07-30 02:07 . 2008-07-30 02:07 23040 c:\windows\Installer\4e76225.msp
+ 2009-01-28 13:31 . 2009-01-28 13:31 88576 c:\windows\Installer\4e4ad5f.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c9a.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c93.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c8c.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c85.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c7e.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c77.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c70.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c69.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c62.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c5b.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c54.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c4d.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c46.msi
+ 2009-04-08 16:47 . 2009-04-08 16:47 18944 c:\windows\Installer\3f54c3f.msi
+ 2008-11-27 05:15 . 2008-11-27 05:15 51712 c:\windows\Installer\39f1f.msi
+ 2006-09-09 18:08 . 2006-09-09 18:08 82944 c:\windows\Installer\239f7.msi
+ 2006-09-09 17:44 . 2006-09-09 17:44 83968 c:\windows\Installer\23542.msi
+ 2009-03-12 12:57 . 2009-03-12 12:57 25088 c:\windows\Installer\13ffb72.msi
+ 2009-03-12 12:57 . 2009-03-12 12:57 28160 c:\windows\Installer\13ffb5b.msi
+ 2009-03-12 12:56 . 2009-03-12 12:56 83456 c:\windows\Installer\13ffb46.msi
+ 2009-03-12 12:56 . 2009-03-12 12:56 59904 c:\windows\Installer\13ffb3f.msi
+ 2008-11-27 05:29 . 2009-07-15 08:02 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-07-12 16:33 . 2009-07-12 16:33 40960 c:\windows\Installer\{3A1B1652-D70A-4D19-981E-BB15D0DBF253}\ARPPRODUCTICON.exe
+ 2004-08-10 04:00 . 2004-08-09 19:00 66048 c:\windows\I386\WINNT32.MSI
+ 2009-07-09 17:12 . 2009-07-09 17:12 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-11-27 05:29 . 2009-06-11 19:03 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-07-13 20:09 . 2009-03-16 19:18 517448 c:\windows\system32\XAudio2_4.dll
+ 2009-07-13 20:09 . 2008-10-27 15:04 514384 c:\windows\system32\XAudio2_3.dll
+ 2009-07-13 20:09 . 2008-07-30 11:20 509448 c:\windows\system32\XAudio2_2.dll
+ 2009-07-13 20:09 . 2009-03-16 19:18 235352 c:\windows\system32\xactengine3_4.dll
+ 2009-07-13 20:09 . 2008-10-27 15:04 235856 c:\windows\system32\xactengine3_3.dll
+ 2009-07-13 20:09 . 2008-07-30 11:20 238088 c:\windows\system32\xactengine3_2.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-03-18 22:33 . 2009-06-02 10:12 102912 c:\windows\system32\dllcache\iecompat.dll
+ 2009-07-13 20:09 . 2009-03-09 20:27 453456 c:\windows\system32\d3dx10_41.dll
+ 2009-07-13 20:09 . 2008-10-10 09:52 452440 c:\windows\system32\d3dx10_40.dll
+ 2009-07-13 20:09 . 2008-07-10 16:01 467984 c:\windows\system32\d3dx10_39.dll
- 2009-06-28 05:15 . 2009-06-30 05:02 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-06-28 05:15 . 2009-07-16 19:50 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2008-11-27 04:13 . 2004-08-10 04:00 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-11-27 04:13 . 2004-08-10 04:00 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2009-01-28 13:33 . 2009-01-28 13:33 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2009-07-12 16:33 . 2009-07-12 16:33 599552 c:\windows\Installer\9d019.msi
+ 2008-12-17 18:10 . 2008-12-17 18:10 671232 c:\windows\Installer\9830ddb.msi
+ 2008-11-29 03:02 . 2008-11-29 03:02 390656 c:\windows\Installer\7b65ad7.msi
+ 2008-11-29 02:42 . 2008-11-29 02:42 213504 c:\windows\Installer\7b65acc.msi
+ 2009-03-05 21:20 . 2009-03-05 21:20 140288 c:\windows\Installer\6160a79.msi
+ 2008-12-13 14:58 . 2008-12-13 14:58 754688 c:\windows\Installer\4e833d4.msp
+ 2009-01-28 13:33 . 2009-01-28 13:33 648192 c:\windows\Installer\4e833ab.msi
+ 2008-07-30 02:23 . 2008-07-30 02:23 250880 c:\windows\Installer\4e7622e.msp
+ 2008-07-30 02:28 . 2008-07-30 02:28 278016 c:\windows\Installer\4e7622c.msp
+ 2008-07-30 00:40 . 2008-07-30 00:40 291840 c:\windows\Installer\4e7622a.msp
+ 2009-01-28 13:32 . 2009-01-28 13:32 137728 c:\windows\Installer\4e76224.msi
+ 2008-07-29 22:35 . 2008-07-29 22:35 553472 c:\windows\Installer\4e4ad64.msp
+ 2008-07-29 22:33 . 2008-07-29 22:33 506368 c:\windows\Installer\4e4ad62.msp
+ 2008-07-29 22:37 . 2008-07-29 22:37 911360 c:\windows\Installer\4e4ad61.msp
+ 2009-02-20 14:52 . 2009-02-20 14:52 400896 c:\windows\Installer\480e765.msi
+ 2009-02-20 14:52 . 2009-02-20 14:52 433152 c:\windows\Installer\480e75d.msi
+ 2009-02-20 14:52 . 2009-02-20 14:52 228352 c:\windows\Installer\480e755.msi
+ 2008-12-06 22:06 . 2008-12-06 22:06 348672 c:\windows\Installer\43aca.msi
+ 2006-09-09 17:11 . 2006-09-09 17:11 221184 c:\windows\Installer\3cd80.msi
+ 2006-09-09 17:07 . 2006-09-09 17:07 246784 c:\windows\Installer\3cd74.msi
+ 2008-06-11 19:02 . 2008-06-11 19:02 830464 c:\windows\Installer\3b45d6b.msp
+ 2008-07-28 19:59 . 2008-07-28 19:59 180736 c:\windows\Installer\3b45d54.msp
+ 2008-11-27 05:13 . 2008-11-27 05:13 470528 c:\windows\Installer\39ed8.msi
+ 2008-11-27 05:11 . 2008-11-27 05:11 891904 c:\windows\Installer\39ec4.msi
+ 2009-05-28 15:45 . 2009-05-28 15:45 152576 c:\windows\Installer\31d4a69.msi
+ 2008-12-02 14:34 . 2008-12-02 14:34 239616 c:\windows\Installer\2bd53.msi
+ 2008-12-02 14:34 . 2008-12-02 14:34 321536 c:\windows\Installer\2bd4c.msi
+ 2008-12-02 14:34 . 2008-12-02 14:34 291328 c:\windows\Installer\2bd35.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 121344 c:\windows\Installer\2bd29.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 344064 c:\windows\Installer\2bd22.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 338944 c:\windows\Installer\2bd1b.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 557056 c:\windows\Installer\2bd14.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 325632 c:\windows\Installer\2bd09.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 316416 c:\windows\Installer\2bd02.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 467456 c:\windows\Installer\2bcfb.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 488448 c:\windows\Installer\2bcf3.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 537088 c:\windows\Installer\2bceb.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 121344 c:\windows\Installer\2bcbf.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 489472 c:\windows\Installer\2bcb7.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 667136 c:\windows\Installer\2bcaf.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 492032 c:\windows\Installer\2bca7.msi
+ 2008-12-02 14:32 . 2008-12-02 14:32 121344 c:\windows\Installer\2bc9a.msi
+ 2008-12-02 14:32 . 2008-12-02 14:32 437248 c:\windows\Installer\2bc84.msi
+ 2008-12-02 14:32 . 2008-12-02 14:32 201728 c:\windows\Installer\2bc7c.msi
+ 2008-12-02 14:32 . 2008-12-02 14:32 795136 c:\windows\Installer\2bc75.msi
+ 2008-12-02 14:32 . 2008-12-02 14:32 547840 c:\windows\Installer\2bc6e.msi
+ 2008-12-02 14:32 . 2008-12-02 14:32 637440 c:\windows\Installer\2bc65.msi
+ 2008-12-02 14:32 . 2008-12-02 14:32 334848 c:\windows\Installer\2bc5e.msi
+ 2008-11-27 04:38 . 2008-11-27 04:38 432640 c:\windows\Installer\2b001.msi
+ 2006-09-09 17:44 . 2006-09-09 17:44 112128 c:\windows\Installer\23548.msi
+ 2006-09-09 17:42 . 2006-09-09 17:42 442368 c:\windows\Installer\2352b.msi
+ 2006-09-09 17:37 . 2006-09-09 17:37 227840 c:\windows\Installer\234ac.msi
+ 2006-09-09 17:37 . 2006-09-09 17:37 227840 c:\windows\Installer\234a4.msi
+ 2006-09-09 17:37 . 2006-09-09 17:37 329216 c:\windows\Installer\23378.msi
+ 2008-11-27 03:56 . 2008-11-27 03:56 337408 c:\windows\Installer\2292f.msi
+ 2008-11-27 14:40 . 2008-11-27 14:40 425984 c:\windows\Installer\1fdc492.msi
+ 2009-03-20 16:48 . 2009-03-20 16:48 183808 c:\windows\Installer\15c7740.msp
+ 2008-11-30 02:27 . 2008-11-30 02:27 867840 c:\windows\Installer\15686c4.msi
+ 2009-03-12 12:59 . 2009-03-12 12:59 549888 c:\windows\Installer\13ffc11.msi
+ 2009-03-12 12:59 . 2009-03-12 12:59 519168 c:\windows\Installer\13ffc0a.msi
+ 2009-03-12 12:59 . 2009-03-12 12:59 781824 c:\windows\Installer\13ffc02.msi
+ 2009-03-12 12:58 . 2009-03-12 12:58 464896 c:\windows\Installer\13ffbc9.msi
+ 2009-03-12 12:57 . 2009-03-12 12:57 431104 c:\windows\Installer\13ffb92.msi
+ 2009-03-12 12:57 . 2009-03-12 12:57 202752 c:\windows\Installer\13ffb54.msi
+ 2009-03-12 12:57 . 2009-03-12 12:57 152576 c:\windows\Installer\13ffb4d.msi
+ 2009-03-12 12:56 . 2009-03-12 12:56 107008 c:\windows\Installer\13ffb38.msi
+ 2009-03-12 12:56 . 2009-03-12 12:56 301056 c:\windows\Installer\13ffb31.msi
+ 2005-08-31 04:06 . 2005-08-31 04:06 264704 c:\windows\Installer\122d9.msi
+ 2009-03-13 12:39 . 2009-03-13 12:39 598016 c:\windows\Installer\10a7b0c.msi
+ 2008-11-27 05:29 . 2009-07-15 08:02 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-27 05:29 . 2009-06-11 19:03 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-11-27 05:29 . 2009-07-15 08:02 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-07-06 22:28 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971930-IE8\spuninst\updspapi.dll
+ 2009-07-06 22:28 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971930-IE8\spuninst\spuninst.exe
+ 2009-07-06 22:28 . 2009-02-28 04:55 105984 c:\windows\ie8updates\KB971930-IE8\iecompat.dll
+ 2006-06-20 20:44 . 2006-06-20 20:44 117560 c:\windows\Downloaded Program Files\PURen-us.dll
+ 2006-06-20 20:44 . 2006-06-20 20:44 379704 c:\windows\Downloaded Program Files\MsnPUpld.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-07-13 20:08 . 2009-07-13 20:08 155648 c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP\WiseCustomCalla.dll
+ 2004-08-10 04:00 . 2004-08-10 04:00 1326080 c:\windows\system32\webfldrs.msi
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-07-13 20:09 . 2009-03-09 20:27 4178264 c:\windows\system32\D3DX9_41.dll
+ 2009-07-13 20:09 . 2008-10-10 09:52 4379984 c:\windows\system32\D3DX9_40.dll
+ 2009-07-13 20:09 . 2008-07-10 16:00 3851784 c:\windows\system32\D3DX9_39.dll
+ 2009-07-13 20:09 . 2009-03-09 20:27 1846632 c:\windows\system32\D3DCompiler_41.dll
+ 2009-07-13 20:09 . 2008-10-10 09:52 2036576 c:\windows\system32\D3DCompiler_40.dll
+ 2009-07-13 20:09 . 2008-07-10 16:00 1493528 c:\windows\system32\D3DCompiler_39.dll
+ 2008-11-27 04:13 . 2004-08-10 04:00 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-11-27 04:13 . 2004-08-10 04:00 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2007-05-25 17:08 . 2007-05-25 17:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2008-10-23 03:43 . 2008-10-23 03:43 6820352 c:\windows\Installer\dcfc9a3.msp
+ 2008-10-23 03:48 . 2008-10-23 03:48 7672832 c:\windows\Installer\dcfc98c.msp
+ 2008-11-05 19:25 . 2008-11-05 19:25 5518336 c:\windows\Installer\dcfc975.msp
+ 2005-10-26 19:59 . 2005-10-26 19:59 2883072 c:\windows\Installer\96c3d6.msp
+ 2008-10-17 14:03 . 2008-10-17 14:03 5518336 c:\windows\Installer\96c233.msp
+ 2008-12-04 04:00 . 2008-12-04 04:00 1652224 c:\windows\Installer\80c47ce.msi
+ 2008-12-04 04:00 . 2008-12-04 04:00 8989696 c:\windows\Installer\80c47c7.msi
+ 2008-11-29 03:19 . 2008-11-29 03:19 7284736 c:\windows\Installer\7b65adb.msi
+ 2008-12-12 16:09 . 2008-12-12 16:09 5517824 c:\windows\Installer\71649f7.msp
+ 2008-11-28 21:11 . 2008-11-28 21:11 1154048 c:\windows\Installer\68713c3.msi
+ 2009-01-14 20:43 . 2009-01-14 20:43 5520384 c:\windows\Installer\6373831.msp
+ 2008-11-27 05:29 . 2008-11-27 05:29 5922816 c:\windows\Installer\54d49.msi
+ 2006-09-09 17:54 . 2006-09-09 17:54 5576704 c:\windows\Installer\51328.msi
+ 2006-09-09 17:54 . 2006-09-09 17:54 1327616 c:\windows\Installer\5131a.msi
+ 2008-12-13 14:57 . 2008-12-13 14:57 8397824 c:\windows\Installer\4e833bb.msp
+ 2008-07-30 00:26 . 2008-07-30 00:26 1043456 c:\windows\Installer\4e7622d.msp
+ 2008-07-30 01:37 . 2008-07-30 01:37 2679808 c:\windows\Installer\4e7622b.msp
+ 2008-07-30 02:15 . 2008-07-30 02:15 3697664 c:\windows\Installer\4e76229.msp
+ 2008-07-30 00:34 . 2008-07-30 00:34 1448448 c:\windows\Installer\4e76228.msp
+ 2008-07-30 01:22 . 2008-07-30 01:22 4137984 c:\windows\Installer\4e76227.msp
+ 2008-07-30 00:18 . 2008-07-30 00:18 3376640 c:\windows\Installer\4e76226.msp
+ 2008-07-29 22:45 . 2008-07-29 22:45 2543616 c:\windows\Installer\4e4ad68.msp
+ 2008-07-29 22:29 . 2008-07-29 22:29 2926080 c:\windows\Installer\4e4ad67.msp
+ 2008-07-29 22:41 . 2008-07-29 22:41 6487040 c:\windows\Installer\4e4ad66.msp
+ 2008-07-29 22:39 . 2008-07-29 22:39 3403264 c:\windows\Installer\4e4ad65.msp
+ 2008-07-29 22:43 . 2008-07-29 22:43 1013248 c:\windows\Installer\4e4ad63.msp
+ 2008-07-29 22:31 . 2008-07-29 22:31 6083072 c:\windows\Installer\4e4ad60.msp
+ 2009-04-06 21:00 . 2009-04-06 21:00 5518336 c:\windows\Installer\4afba.msp
+ 2009-02-20 14:52 . 2009-02-20 14:52 8229376 c:\windows\Installer\480e76a.msi
+ 2009-05-12 18:01 . 2009-05-12 18:01 6818816 c:\windows\Installer\464f7a.msp
+ 2009-05-28 17:32 . 2009-05-28 17:32 5518848 c:\windows\Installer\464f62.msp
+ 2009-04-23 22:57 . 2009-04-23 22:57 7672832 c:\windows\Installer\464f4a.msp
+ 2008-12-06 22:06 . 2008-12-06 22:06 1894400 c:\windows\Installer\43ae6.msi
+ 2006-09-09 17:26 . 2006-09-09 17:26 4461056 c:\windows\Installer\40198.msi
+ 2009-01-15 08:35 . 2009-01-15 08:35 4830720 c:\windows\Installer\3d3b831.msp
+ 2008-12-30 00:07 . 2008-12-30 00:07 1516032 c:\windows\Installer\3d16d.msi
+ 2008-06-11 20:05 . 2008-06-11 20:05 9994240 c:\windows\Installer\3b45e74.msp
+ 2008-04-01 19:33 . 2008-04-01 19:33 5479936 c:\windows\Installer\3b45e14.msp
+ 2008-01-31 15:30 . 2008-01-31 15:30 9947648 c:\windows\Installer\3b45de3.msp
+ 2008-01-14 21:53 . 2008-01-14 21:53 5213696 c:\windows\Installer\3b45dc5.msp
+ 2008-10-25 14:15 . 2008-10-25 14:15 6227456 c:\windows\Installer\3b45daf.msp
+ 2008-07-08 16:27 . 2008-07-08 16:27 8436736 c:\windows\Installer\3b45d82.msp
+ 2007-11-08 16:42 . 2007-11-08 16:42 4158464 c:\windows\Installer\3b45d3d.msp
+ 2008-11-27 16:00 . 2008-11-27 16:00 8742912 c:\windows\Installer\3a748c.msi
+ 2008-10-05 09:12 . 2008-10-05 09:12 4784128 c:\windows\Installer\39f27.msp
+ 2006-09-09 17:06 . 2006-09-09 17:06 3443712 c:\windows\Installer\338fa.msi
+ 2009-05-01 20:49 . 2009-05-01 20:49 4328960 c:\windows\Installer\2e96725.msp
+ 2009-05-23 03:31 . 2009-05-23 03:31 1401344 c:\windows\Installer\2cc476d.msi
+ 2009-02-11 19:02 . 2009-02-11 19:02 5519872 c:\windows\Installer\2c3db43.msp
+ 2009-05-16 03:30 . 2009-05-16 03:30 3947520 c:\windows\Installer\2bff06b.msi
+ 2008-12-02 14:34 . 2008-12-02 14:34 1940480 c:\windows\Installer\2bd44.msi
+ 2008-12-02 14:34 . 2008-12-02 14:34 1332224 c:\windows\Installer\2bd3d.msi
+ 2008-12-02 14:33 . 2008-12-02 14:33 3155456 c:\windows\Installer\2bccf.msi
+ 2006-09-09 17:47 . 2006-09-09 17:47 3037184 c:\windows\Installer\23554.msi
+ 2006-09-09 17:44 . 2006-09-09 17:44 4806656 c:\windows\Installer\2353c.msi
+ 2006-09-09 17:41 . 2006-09-09 17:41 2421760 c:\windows\Installer\23524.msi
+ 2006-09-09 17:37 . 2006-09-09 17:37 1060864 c:\windows\Installer\2349d.msi
+ 2006-09-09 17:37 . 2006-09-09 17:37 1067520 c:\windows\Installer\23413.msi
+ 2006-09-09 17:37 . 2006-09-09 17:37 1058304 c:\windows\Installer\23389.msi
+ 2009-01-27 14:03 . 2009-01-27 14:03 1499648 c:\windows\Installer\21dc330.msi
+ 2008-11-27 14:15 . 2008-11-27 14:15 5863424 c:\windows\Installer\1e4f9b2.msi
+ 2009-06-30 16:30 . 2009-06-30 16:30 5520384 c:\windows\Installer\1d50403.msp
+ 2008-11-30 04:13 . 2008-11-30 04:14 1570816 c:\windows\Installer\1a22e1e.msi
+ 2008-11-30 04:00 . 2008-11-30 04:00 1703424 c:\windows\Installer\1a22dee.msi
+ 2008-11-30 03:48 . 2008-11-30 03:48 2764288 c:\windows\Installer\1a2128f.msi
+ 2009-03-05 19:40 . 2009-03-05 19:40 6819840 c:\windows\Installer\192ab29.msp
+ 2008-11-30 02:28 . 2008-11-30 02:28 1142784 c:\windows\Installer\15686d2.msi
+ 2008-11-30 02:26 . 2008-11-30 02:26 6269952 c:\windows\Installer\15686b7.msi
+ 2008-11-30 04:12 . 2008-11-30 04:14 4862976 c:\windows\Downloaded Installations\{C8789751-0018-4EFC-ACAA-FDF0ECCF6DE5}\XPax Service Pack 1 Upgrade.msi
+ 2008-11-30 04:16 . 2008-11-30 04:16 4765184 c:\windows\Downloaded Installations\{C6666952-FE4F-4A70-9DD4-AAFDA677FB2B}\XPax HotFix 122207 Update.msi
+ 2006-09-09 17:26 . 2006-09-09 17:26 4979712 c:\windows\Downloaded Installations\{AEF1323D-6D80-449F-BCCA-DD777D187D0F}\SETUP_ALL.msi
- 2009-04-15 02:43 . 2009-04-15 02:43 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-04-15 02:43 . 2009-04-15 02:43 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-09 17:12 . 2009-07-09 17:12 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-27 04:35 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe
+ 2008-11-27 03:39 . 2006-09-09 17:11 12127744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi
+ 2006-10-30 09:05 . 2006-10-30 09:05 11390464 c:\windows\Microsoft.NET\Framework\v3.0\WPF\wpf.msi
+ 2008-11-29 03:01 . 2008-11-29 03:02 79255040 c:\windows\Installer\7b65ad0.msi
+ 2008-12-13 15:21 . 2008-12-13 15:21 10473472 c:\windows\Installer\4e833c7.msp
+ 2009-04-15 02:41 . 2009-04-15 02:41 34960896 c:\windows\Installer\485829.msi
+ 2006-09-09 17:07 . 2006-09-09 17:07 19210240 c:\windows\Installer\3cd6e.msp
+ 2008-08-13 19:49 . 2008-08-13 19:49 11816960 c:\windows\Installer\3b45e59.msp
+ 2008-07-30 13:50 . 2008-07-30 13:50 12506112 c:\windows\Installer\3b45e42.msp
+ 2008-07-08 15:09 . 2008-07-08 15:09 11887616 c:\windows\Installer\3b45e2b.msp
+ 2008-06-04 18:29 . 2008-06-04 18:29 16905728 c:\windows\Installer\3b45dfa.msp
+ 2008-01-14 20:24 . 2008-01-14 20:24 10721280 c:\windows\Installer\3b45d98.msp
+ 2008-11-27 04:34 . 2008-11-27 04:34 15256576 c:\windows\Installer\2aff9.msp
+ 2008-11-27 14:15 . 2008-11-27 14:15 10764800 c:\windows\Installer\1e4f9c6.msi
+ 2008-11-30 03:59 . 2008-11-30 03:59 47942144 c:\windows\Downloaded Installations\{9547DF9D-175F-4C46-9E74-6FD02821E8D9}\Active Sky X.msi
+ 2008-11-30 03:51 . 2008-11-30 03:51 43555840 c:\windows\Downloaded Installations\{6A3E108D-7841-4CC1-8A5C-E0C30E5C17D9}\X Graphics SP2 Upgrade.msi
+ 2008-11-30 04:05 . 2008-11-30 04:05 11975680 c:\windows\Downloaded Installations\{3476B08B-D9EA-4073-986F-730F0111479F}\Active Sky X SP2 Upgrade.msi
+ 2007-07-27 14:03 . 2007-07-27 14:03 119977472 c:\windows\Installer\96c3bf.msp
+ 2008-11-28 21:10 . 2008-11-28 21:10 241051648 c:\windows\Installer\68713bc.msi
+ 2009-04-15 16:16 . 2009-04-15 16:16 209389568 c:\windows\Installer\2b7accc.msi
+ 2009-04-15 16:10 . 2009-04-15 16:10 426074624 c:\windows\Installer\2b7acc4.msi
+ 2009-04-15 16:01 . 2009-04-15 16:01 297648128 c:\windows\Installer\2b7acbc.msi
+ 2008-11-30 03:43 . 2008-11-30 03:43 446787072 c:\windows\Downloaded Installations\{570FEE9D-A475-4599-A2B9-9EB7549BD70A}\X Graphics.msi
+ 2008-11-30 04:13 . 2008-11-30 04:13 143369728 c:\windows\Downloaded Installations\{4D1C755C-B7F3-4A2D-941D-7607D7DCCAB8}\XPax.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-30 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
"TkBellExe"="realsched.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2009-4-1 801032]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-12-2 113664]
Event Planner Reminder 2008.lnk - c:\windows\Installer\{747A6A10-DA58-48C2-A1F0-C15514419C8A}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2008-11-29 1718]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-30 14:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\Autobahn\\mlb-nexdef-autobahn.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"d:\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\EA Sports\\Madden NFL 08\\mainapp.exe"=
"d:\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"d:\\Downloads\\Complete\\Lost.Via.Domus.Multi-5.Full-Rip.Skullptura\\Lost Via Domus\\Yeti_Final_Win32.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 9:45 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/12/2009 9:45 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 11:06 AM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05 AM 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/12/2009 9:44 AM 298776]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [6/29/2009 12:43 PM 36480]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [9/9/2006 12:29 PM 82048]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [6/29/2009 12:42 PM 20480]
S2 C8465F4A064C7874;C8465F4A064C7874;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\C8465F4A064C7874\C8465F4A064C7874 --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\C8465F4A064C7874\C8465F4A064C7874 [?]
S2 gupdate1c99a9f98ae086;Google Update Service (gupdate1c99a9f98ae086);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2009 1:53 PM 133104]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06 AM 7408]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [4/26/2009 4:34 PM 72576]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [9/9/2006 12:28 PM 468768]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-01 01:43]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 18:53]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 18:53]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 10:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\C8465F4A064C7874]
"ImagePath"="\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\C8465F4A064C7874\C8465F4A064C7874"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-880785693-923586422-2241841253-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f3,8c,9d,b7,f9,c0,c4,c4,8f,f9,ad,f3,f5,10,37,d6,b6,74,c9,b3,0a,aa,52,
c7,cc,b6,80,6c,e7,e3,4a,4f,1f,dc,52,95,43,46,45,a4,50,28,2e,54,cc,08,8e,ec,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d

[HKEY_USERS\S-1-5-21-880785693-923586422-2241841253-1007\Software\SecuROM\License information*]
"datasecu"=hex:80,fb,92,52,77,4f,a5,0e,aa,39,55,c1,25,a3,67,76,ed,6c,a6,cb,4d,
a8,78,f0,10,53,43,f5,7f,1c,31,21,b4,2a,3b,6c,f1,1f,d9,7f,ed,bc,b5,e4,01,17,\
"rkeysecu"=hex:5f,c4,2c,1f,f2,e5,7d,50,35,de,89,7f,e8,40,31,5f

[HKEY_USERS\S-1-5-21-880785693-923586422-2241841253-1007\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"Percents"="0.0013 0.1191 0.3307 0.5609 0.8019 0.8795 0.8929 "
"Increment"=".005618"
"FRT"="BT6bXg0nP3ynhT7c7KfIsrj9rXip+xQP+FRWlJslAy0stXWPWrUN3w=="
"PLCK"="EZlIChJJVB20qLgeO36X22JEWd/trP70"
"PHSH"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1124)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-07-19 10:22
ComboFix-quarantined-files.txt 2009-07-19 15:22
ComboFix2.txt 2009-06-30 14:48
ComboFix3.txt 2009-03-08 15:07
ComboFix4.txt 2009-03-08 07:42

Pre-Run: 29,161,586,688 bytes free
Post-Run: 29,132,189,696 bytes free

561 --- E O F --- 2009-07-15 08:02
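The service list in the ComboFix log above (the R1/R2/S2 lines) is where the suspect entries sit: one service named with sixteen hex digits, living in the user's Temp folder, with no date or size readable, and two .sys files dated 6/29. The script below is an added triage aid, my code rather than ComboFix's and not part of the thread: it parses ComboFix-style service lines and flags the patterns a responder looks for. SAMPLE_LOG is a constructed subset of the entries above, SCAN_DATE is the scan date printed in the log (2009-07-19), and the 30-day window plus the name and path heuristics are my assumptions, not rules from the tool.

```python
"""Added example: triage the service/driver lines of a ComboFix log.
Parses "<R|S><start> name;display;path [date size]" entries and flags the
patterns that make an entry worth hashing and looking up. Standard library only."""
import re
from datetime import datetime, timedelta

# Constructed sample in the same shape as the log above (a subset, not the full log).
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/12/2009 9:45 AM 335752]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/12/2009 9:44 AM 298776]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [6/29/2009 12:43 PM 36480]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [6/29/2009 12:42 PM 20480]
S2 C8465F4A064C7874;C8465F4A064C7874;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\C8465F4A064C7874\C8465F4A064C7874 --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\C8465F4A064C7874\C8465F4A064C7874 [?]
S2 gupdate1c99a9f98ae086;Google Update Service (gupdate1c99a9f98ae086);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2009 1:53 PM 133104]
"""

# Scan date from the log header ("Rootkit scan 2009-07-19").
SCAN_DATE = datetime(2009, 7, 19)

# R = running, S = stopped; the digit is the start type.
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]\s*$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
HEX_NAME = re.compile(r"^[0-9A-F]{16}$", re.I)          # assumed heuristic: random-looking name
TEMP_DIR = re.compile(r"\\temp\\", re.I)                 # assumed heuristic: image under a Temp dir
PROFILE_DIR = re.compile(r"\\(docume~1|documents and settings|users)\\", re.I)


def parse_service_line(line: str):
    """Return a dict for one service/driver line, or None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path_field, info = m.groups()
    # "a --> b": registry ImagePath a resolved to file b. "[?]": ComboFix could not
    # read a date/size for the file, so created/size stay None.
    path, _, resolved = path_field.partition(" --> ")
    resolved = resolved or path
    entry = {"running": state == "R", "start": START_TYPES.get(start, start),
             "name": name, "display": display, "path": path.strip(),
             "resolved": resolved.strip(), "created": None, "size": None}
    parts = info.split()
    if parts != ["?"]:
        entry["created"] = datetime.strptime(" ".join(parts[:3]), "%m/%d/%Y %I:%M %p")
        entry["size"] = int(parts[3])
    return entry


def triage(entries, scan_date: datetime, recent_days: int = 30):
    """Return [(name, [reasons])] for entries worth a second look, in log order."""
    flagged = []
    for e in entries:
        reasons = []
        if e["created"] is None:
            reasons.append("no date/size readable for the image ([?])")
        if TEMP_DIR.search(e["resolved"]):
            reasons.append("image lives under a Temp directory")
        if PROFILE_DIR.search(e["resolved"]):
            reasons.append("image lives under a user profile, not Program Files or system32")
        if HEX_NAME.match(e["name"]) and e["name"] == e["display"]:
            reasons.append("16-hex-digit service name reused as the display name")
        if e["resolved"].lower().endswith(".sys") and e["created"] is not None:
            age = scan_date - e["created"]
            if age <= timedelta(days=recent_days):
                reasons.append(f"kernel driver created {age.days} days before the scan; hash and look it up")
        if reasons:
            flagged.append((e["name"], reasons))
    return flagged


if __name__ == "__main__":
    entries = [e for e in map(parse_service_line, SAMPLE_LOG.splitlines()) if e]
    for name, reasons in triage(entries, SCAN_DATE):
        print(name)
        for r in reasons:
            print("   -", r)
```

Against the sample it flags srenum and ndisrd (both .sys files dated 6/29, about three weeks before the scan and one day before the earlier ComboFix2.txt run) and C8465F4A064C7874 on four counts; the AVG drivers, avg8wd and Google Update pass. A flag is a prompt to hash the file and query the hash, not a verdict: further down the thread ndisrd.sys comes back 0/41.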

#6 scobeck24 (Topic Starter, Members, 14 posts)

Posted 19 July 2009 - 10:30 AM

DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 10:28:59.26 on Sun 07/19/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1344 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - hpWebHelper Class
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\hp_administrator\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{747a6a10-da58-48c2-a1f0-c15514419c8a}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} - hxxp://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/wiaaut.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227762611171
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-12 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-12 298776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 srenum;srenum;c:\windows\system32\drivers\srenum.sys [2009-6-29 36480]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-9-9 82048]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2009-6-29 20480]
S2 C8465F4A064C7874;C8465F4A064C7874;\??\c:\docume~1\hp_adm~1\locals~1\temp\c8465f4a064c7874\c8465f4a064c7874 --> c:\docume~1\hp_adm~1\locals~1\temp\c8465f4a064c7874\C8465F4A064C7874 [?]
S2 gupdate1c99a9f98ae086;Google Update Service (gupdate1c99a9f98ae086);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2009-5-6 141056]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2009-4-26 72576]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-9-9 468768]

=============== Created Last 30 ================

2009-07-19 10:12 <DIR> --ds---- C:\ComboFix
2009-07-18 20:28 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-07-18 20:28 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-07-18 20:28 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-07-18 20:28 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-07-18 20:28 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-07-18 20:28 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-07-18 20:28 69,632 a------- c:\windows\system32\lfgif13n.dll
2009-07-18 20:28 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-07-15 22:25 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\HSA
2009-07-15 21:28 4,096 a------- c:\windows\d3dx.dat
2009-07-15 21:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-07-15 21:26 <DIR> --d----- C:\GameHouse Games
2009-07-15 21:25 <DIR> --d----- c:\program files\RealArcade
2009-07-13 15:08 <DIR> --d----- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2009-07-12 11:22 <DIR> --d----- c:\program files\Atari
2009-07-09 12:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SimCity Societies
2009-07-08 17:37 202,072 a----r-- c:\windows\system32\cpnprt2.cid
2009-07-06 21:30 <DIR> --d----- c:\windows\Performance
2009-07-06 10:56 <DIR> --d----- c:\program files\Unity
2009-06-30 09:44 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-30 09:42 50,176 a------- c:\windows\system32\proquota.exe
2009-06-30 09:42 50,176 a------- c:\windows\system32\dllcache\proquota.exe
2009-06-30 09:31 219,648 a------- c:\windows\PEV.exe
2009-06-30 09:31 161,792 a------- c:\windows\SWREG.exe
2009-06-30 09:31 98,816 a------- c:\windows\sed.exe
2009-06-29 12:43 36,480 a------- c:\windows\system32\drivers\srenum.sys
2009-06-29 12:42 20,480 a------- c:\windows\system32\drivers\ndisrd.sys
2009-06-25 08:13 1,140 a------- C:\drmHeader.bin
2009-06-22 20:19 <DIR> --d----- c:\program files\common files\CyberLink
2009-06-22 20:18 29,480 a------- c:\windows\system32\msxml3a.dll

==================== Find3M ====================

2009-07-18 09:51 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-15 13:12 138,064 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-15 13:12 189,184 a------- c:\windows\system32\PnkBstrB.exe
2009-06-30 09:12 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 09:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\fontsub.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 14:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 05:12 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-26 12:07 90,112 a------- c:\windows\system32\videoul.tmp
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 00:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 00:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-13 00:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-03 22:59 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-05-03 22:56 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-05-03 22:45 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-05-03 22:45 17,212 a------- c:\windows\system32\SIntf32.dll
2009-05-03 22:45 12,067 a------- c:\windows\system32\SIntf16.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-30 16:22 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-04-30 16:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 16:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 16:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 16:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 16:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 16:22 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-04-30 06:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-14 21:42 22,328 a------- c:\docume~1\hp_adm~1\applic~1\PnkBstrK.sys
2007-01-25 08:24 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 10:29:08.20 ===============


#7 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 20 July 2009 - 03:09 AM

Hi,

Upload the following files to Virustotal (re-scan the files if asked) and post back the results or links to the results:
c:\windows\system32\drivers\srenum.sys
c:\windows\system32\drivers\ndisrd.sys

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#8 scobeck24 (Topic Starter, Members, 14 posts)

Posted 20 July 2009 - 09:00 AM

While trying to upload c:\windows\system32\drivers\srenum.sys, AVG recognized it as a Trojan horse BackDoor.Agent.ABXO. I told AVG to heal and it moved the file to the virus vault.

Virustotal shows
0 bytes size received / An empty file was received


Results for c:\windows\system32\drivers\ndisrd.sys

File has already been analysed:
MD5: 1359b200974395679b092f1d5f63cfa9
First received: 2009.06.23 13:53:32 UTC
Date: 2009.07.16 14:50:08 UTC [>3D]
Results: 0/41
Permalink: analisis/d359582ca1f00134dc049201be48e2f2d9df81b8e19f77c74d9ba73db6b21b15-1247755808

Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.07.16 -
AhnLab-V3 5.0.0.2 2009.07.16 -
AntiVir 7.9.0.215 2009.07.16 -
Antiy-AVL 2.0.3.7 2009.07.16 -
Authentium 5.1.2.4 2009.07.16 -
Avast 4.8.1335.0 2009.07.16 -
AVG 8.5.0.387 2009.07.16 -
BitDefender 7.2 2009.07.16 -
CAT-QuickHeal 10.00 2009.07.16 -
ClamAV 0.94.1 2009.07.16 -
Comodo 1671 2009.07.16 -
DrWeb 5.0.0.12182 2009.07.16 -
eSafe 7.0.17.0 2009.07.16 -
eTrust-Vet 31.6.6617 2009.07.15 -
F-Prot 4.4.4.56 2009.07.16 -
F-Secure 8.0.14470.0 2009.07.16 -
Fortinet 3.120.0.0 2009.07.16 -
GData 19 2009.07.16 -
Ikarus T3.1.1.64.0 2009.07.16 -
Jiangmin 11.0.800 2009.07.16 -
K7AntiVirus 7.10.793 2009.07.15 -
Kaspersky 7.0.0.125 2009.07.16 -
McAfee 5677 2009.07.15 -
McAfee+Artemis 5677 2009.07.15 -
McAfee-GW-Edition 6.8.5 2009.07.16 -
Microsoft 1.4803 2009.07.16 -
NOD32 4250 2009.07.16 -
Norman 6.01.09 2009.07.16 -
nProtect 2009.1.8.0 2009.07.16 -
Panda 10.0.0.14 2009.07.15 -
PCTools 4.4.2.0 2009.07.16 -
Prevx 3.0 2009.07.16 -
Rising 21.38.34.00 2009.07.16 -
Sophos 4.43.0 2009.07.16 -
Sunbelt 3.2.1858.2 2009.07.16 -
Symantec 1.4.4.12 2009.07.16 -
TheHacker 6.3.4.3.368 2009.07.15 -
TrendMicro 8.950.0.1094 2009.07.16 -
VBA32 3.12.10.8 2009.07.15 -
ViRobot 2009.7.16.1839 2009.07.16 -
VirusBuster 4.6.5.0 2009.07.16 -
Additional information
File size: 20480 bytes
MD5 : 1359b200974395679b092f1d5f63cfa9
SHA1 : 613843dabaa2c42413879b5848dd43b0ff691c1a
SHA256: d359582ca1f00134dc049201be48e2f2d9df81b8e19f77c74d9ba73db6b21b15
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x62CB
timedatestamp.....: 0x479844D0 (Thu Jan 24 08:57:04 2008)
machinetype.......: 0x14C (Intel I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2E1A 0x3000 6.09 4cd3d1b86beb876c1e9a8b4d8a09c809
.rdata 0x4000 0x204 0x400 2.32 6947c3e604e5e928eb51d7da52cbf961
.data 0x5000 0x8C 0x200 0.19 ed905d182900f77cd2506ed796a92f0c
INIT 0x6000 0xA44 0xC00 5.11 c65f825921546cb54130dba52363ef07
.rsrc 0x7000 0x410 0x600 2.41 9573497fa5b1c67a818c6ddd648bb445
.reloc 0x8000 0x3CE 0x400 5.82 8bd919597ceb222e6f2c4f548c0c2673

( 2 imports )

> ndis.sys: NdisIMAssociateMiniport, NdisSend, NdisQueryBuffer, NdisFreeBuffer, NdisFreePacket, NdisQueryBufferOffset, NDIS_BUFFER_TO_SPAN_PAGES, NdisIMCancelInitializeDeviceInstance, NdisIMDeInitializeDeviceInstance, NdisOpenProtocolConfiguration, NdisReadConfiguration, NdisAllocateMemoryWithTag, NdisInitializeEvent, NdisAllocatePacketPool, NdisAllocateBufferPool, NdisSetEvent, NdisReleaseSpinLock, NdisAcquireSpinLock, NdisMSetAttributesEx, NdisIMGetDeviceContext, NdisRequest, NdisTransferData, NdisCancelSendPackets, NdisFreeBufferPool, NdisFreePacketPool, NdisFreeMemory, NdisWaitEvent, NdisCloseAdapter, NdisResetEvent, NdisAllocateMemory, NdisMDeregisterDevice, NdisIMDeregisterLayeredMiniport, NdisTerminateWrapper, NdisRegisterProtocol, NdisInitUnicodeString, NdisMRegisterUnloadHandler, NdisIMRegisterLayeredMiniport, NdisInitializeWrapper, NdisAllocateSpinLock, NdisMRegisterDevice, NdisMSleep, NdisDeregisterProtocol, NdisUnchainBufferAtFront, NdisAllocateBuffer, NdisAllocatePacket, NdisIMNotifyPnPEvent, NdisReEnumerateProtocolBindings, NdisCloseConfiguration, NdisIMInitializeDeviceInstanceEx, NdisOpenAdapter, NdisUnicodeStringToAnsiString
> ntoskrnl.exe: KeBugCheckEx, KeTickCount, _alldiv, KeQuerySystemTime, RtlTimeFieldsToTime, _except_handler3, ExEventObjectType, ObReferenceObjectByHandle, ObfDereferenceObject, RtlQueryRegistryValues, InterlockedIncrement, InterlockedDecrement, IofCompleteRequest, KeSetEvent

( 0 exports )

TrID : File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ssdeep: 384:dlJVYdajYc/GNLFoscTg68L0IalpoJdw7TJuVU:dNJGNLWscTgFIIaUw78
PEiD : -
packers (Kaspersky): PE_Patch
RDS : NSRL Reference Data Set

#9 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:01:12 PM

Posted 20 July 2009 - 03:57 PM

Hi,

Please run a full scan with Superantispyware that seems to be installed on your system (update its definition base first). Post back the report & a fresh dds.txt log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#10 scobeck24

scobeck24
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:12 AM

Posted 20 July 2009 - 07:01 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/20/2009 at 06:52 PM

Application Version : 4.25.1014

Core Rules Database Version : 4005
Trace Rules Database Version: 1945

Scan type : Complete Scan
Total Scan Time : 02:53:22

Memory items scanned : 604
Memory threats detected : 0
Registry items scanned : 7037
Registry threats detected : 0
File items scanned : 294059
File threats detected : 204

Adware.Tracking Cookie

#11 scobeck24

scobeck24
  • Topic Starter

  • Members
  • 14 posts
  • Local time:05:12 AM

Posted 20 July 2009 - 07:03 PM

DDS (Ver_09-06-26.01) - NTFSx86
Run by HP_Administrator at 19:01:30.03 on Mon 07/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1410 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2008 Deluxe\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - hpWebHelper Class
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "realsched.exe" -osboot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\hp_administrator\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{747a6a10-da58-48c2-a1f0-c15514419c8a}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} - hxxp://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/wiaaut.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227762611171
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} - hxxp://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-12 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-12 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-12 298776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2006-9-9 82048]
R3 ndisrd;WinpkFilter Service;c:\windows\system32\drivers\ndisrd.sys [2009-6-29 20480]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S2 C8465F4A064C7874;C8465F4A064C7874;\??\c:\docume~1\hp_adm~1\locals~1\temp\c8465f4a064c7874\c8465f4a064c7874 --> c:\docume~1\hp_adm~1\locals~1\temp\c8465f4a064c7874\C8465F4A064C7874 [?]
S2 gupdate1c99a9f98ae086;Google Update Service (gupdate1c99a9f98ae086);c:\program files\google\update\GoogleUpdate.exe [2009-3-1 133104]
S2 srenum;srenum;c:\windows\system32\drivers\srenum.sys --> c:\windows\system32\drivers\srenum.sys [?]
S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2009-5-6 141056]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2009-4-26 72576]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-9-9 468768]

=============== Created Last 30 ================

2009-07-19 10:12 <DIR> --ds---- C:\ComboFix
2009-07-18 20:28 462,848 a------- c:\windows\system32\ltkrn13n.dll
2009-07-18 20:28 450,560 a------- c:\windows\system32\ltimg13n.dll
2009-07-18 20:28 401,408 a------- c:\windows\system32\lfcmp13n.dll
2009-07-18 20:28 299,008 a------- c:\windows\system32\ltdis13n.dll
2009-07-18 20:28 206,336 a------- c:\windows\system32\ltefx13n.dll
2009-07-18 20:28 163,840 a------- c:\windows\system32\ltfil13n.dll
2009-07-18 20:28 69,632 a------- c:\windows\system32\lfgif13n.dll
2009-07-18 20:28 57,344 a------- c:\windows\system32\lfbmp13n.dll
2009-07-15 22:25 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\HSA
2009-07-15 21:28 4,096 a------- c:\windows\d3dx.dat
2009-07-15 21:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-07-15 21:26 <DIR> --d----- C:\GameHouse Games
2009-07-15 21:25 <DIR> --d----- c:\program files\RealArcade
2009-07-13 15:08 <DIR> --d----- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2009-07-12 11:22 <DIR> --d----- c:\program files\Atari
2009-07-09 12:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SimCity Societies
2009-07-08 17:37 202,072 a----r-- c:\windows\system32\cpnprt2.cid
2009-07-06 21:30 <DIR> --d----- c:\windows\Performance
2009-07-06 10:56 <DIR> --d----- c:\program files\Unity
2009-06-30 09:44 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-30 09:42 50,176 a------- c:\windows\system32\proquota.exe
2009-06-30 09:42 50,176 a------- c:\windows\system32\dllcache\proquota.exe
2009-06-30 09:31 219,648 a------- c:\windows\PEV.exe
2009-06-30 09:31 161,792 a------- c:\windows\SWREG.exe
2009-06-30 09:31 98,816 a------- c:\windows\sed.exe
2009-06-29 12:42 20,480 a------- c:\windows\system32\drivers\ndisrd.sys
2009-06-25 08:13 1,140 a------- C:\drmHeader.bin
2009-06-22 20:19 <DIR> --d----- c:\program files\common files\CyberLink
2009-06-22 20:18 29,480 a------- c:\windows\system32\msxml3a.dll

==================== Find3M ====================

2009-07-18 09:51 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-15 13:12 138,064 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-15 13:12 189,184 a------- c:\windows\system32\PnkBstrB.exe
2009-06-30 09:12 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-16 09:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 09:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\fontsub.dll
2009-06-16 09:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 14:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 14:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 05:12 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-26 12:07 90,112 a------- c:\windows\system32\videoul.tmp
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 00:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 00:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 00:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-13 00:15 915,456 a------- c:\windows\system32\dllcache\cache\wininet.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 10:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-05-03 22:59 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-05-03 22:56 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-05-03 22:45 21,840 a------- c:\windows\system32\SIntfNT.dll
2009-05-03 22:45 17,212 a------- c:\windows\system32\SIntf32.dll
2009-05-03 22:45 12,067 a------- c:\windows\system32\SIntf16.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 16:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 16:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 16:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 16:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 16:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-30 16:22 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-04-30 16:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 16:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 16:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 16:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 16:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 16:22 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-04-30 06:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-14 21:42 22,328 a------- c:\docume~1\hp_adm~1\applic~1\PnkBstrK.sys
2007-01-25 08:24 32 a--sh--- c:\windows\sminst\HPCD.SYS

============= FINISH: 19:01:50.26 ===============


#12 scobeck24
  • Topic Starter

Posted 20 July 2009 - 10:36 PM

AVG just recognized a threat. Virus identified Packed.Monder

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP280\A0037260.sys

#13 scobeck24
  • Topic Starter

Posted 20 July 2009 - 11:09 PM

Another threat popped up. Same as before except the file was listed as

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP280\A0037261.dll

#14 Blade81
  • Bleepin' Rocker
  • Malware Response Team

Posted 21 July 2009 - 02:14 AM

AVG just recognized a threat. Virus identified Packed.Monder

Hi,

Those items in system restore will be cleaned in the final cleaning phase.


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Let's see if you can find one more file to be scanned at Virustotal:
c:\Documents and Settings\HP_Administrator\Local Settings\Temp\C8465F4A064C7874\C8465F4A064C7874

Post back the scanning results if the file was found or let me know if the file doesn't exist.

Edited by Blade81, 21 July 2009 - 02:14 AM.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#15 scobeck24
  • Topic Starter

Posted 21 July 2009 - 08:54 AM

The file does not exist