hijackthis log/sound doesnt work


6 replies to this topic

#1 owner16 (Members, 4 posts)

Posted 14 July 2009 - 12:38 AM

Access violation at address 0040C718 in module 'ALCWZRD.EXE'. Read of address 00000000. Any help would be greatly appreciated!

Attached is an HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:11 PM, on 7/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\HJT\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8102 bytes

Edited by owner16, 14 July 2009 - 12:38 AM.
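The HijackThis log above is a line-oriented format that helpers read by eye. As an added example (not code from the thread or from the HijackThis project), a small Python parser that splits O2/O3/O4/O23 entries into section, name and target, flags the two things a helper checks first (orphaned "(no file)" references and autoruns given as a bare filename, which the log alone cannot resolve to a file on disk), and diffs two scans of the same machine. The sample input is constructed from a handful of lines taken from the two scans posted in this thread.

```python
"""Minimal HijackThis (v2) log triage: parse entries, flag what a helper
checks first, and diff two scans of the same machine."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: a subset of lines copied from the two HijackThis
# logs posted in this thread (13 July and 25 July scans).
LOG_BEFORE = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
"""
LOG_AFTER = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<target>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.*?) = (?P<target>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<target>.*)$")
# First ".exe" token of a command line, with a leading quote stripped.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str   # O2, O4, O23, ...
    name: str      # display name or Run value name ("" if not modelled)
    target: str    # file path, command line, or "(no file)"
    raw: str


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one HijackThis log line into an Entry; non-entry lines yield None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    for pattern in (BHO_RE, RUN_RE, STARTUP_RE, SERVICE_RE):
        sub = pattern.match(body)
        if sub:
            return Entry(section, sub.group("name"), sub.group("target"), line.strip())
    # Sections this example does not model (R0/R1, O8, O9, ...) keep the raw body.
    return Entry(section, "", body, line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def executable_of(command: str) -> str:
    """Path or bare name of the program a Run/Startup command launches."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip()


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Flag entries a helper would look at first; returns (entry, reason) pairs."""
    findings = []
    for e in entries:
        if "(no file)" in e.target or e.name == "(no name)":
            # The registry still points at a component whose file is gone.
            findings.append((e, "orphaned reference: registry entry without a file"))
        elif e.section == "O4":
            exe = executable_of(e.target)
            if "\\" not in exe and "/" not in exe:
                # Resolved through the search path at logon, so the log alone
                # does not tell you which file on disk actually runs.
                findings.append((e, f"bare filename, resolved via search path: {exe}"))
    return findings


def diff_logs(before: List[Entry], after: List[Entry]) -> Dict[str, List[Entry]]:
    """Entries that appeared or disappeared between two scans of one machine."""
    def key(e: Entry):
        return (e.section, e.name.lower(), e.target.lower())
    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    return {
        "added": [e for e in after if key(e) not in before_keys],
        "removed": [e for e in before if key(e) not in after_keys],
    }


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for entry, reason in triage(after):
        print(f"[{entry.section}] {entry.name or entry.target}: {reason}")
    changes = diff_logs(before, after)
    for label in ("added", "removed"):
        for entry in changes[label]:
            print(f"{label}: {entry.raw}")
```

On the sample above the diff shows the Norton components gone and avast! in their place, while the orphaned BHO and the bare ALCWZRD.EXE autorun are what remain to check by hand.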



#2 syler (Malware Response Team)

Posted 24 July 2009 - 06:27 PM

Hello and welcome to Bleeping Computer.

My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 owner16 (Topic Starter)

Posted 25 July 2009 - 01:43 PM

Thanks for the help Syler! I got the sound working by updating some sound drivers, so that's working. I ran Malwarebytes the first time I posted here (14th) and found many trojans, so I'm not sure if it's still completely clean. I have also downloaded AVAST recently since my Norton is VERY old. Thanks again for helping me clean up this computer!

MALWARE BYTES LOG:

Malwarebytes' Anti-Malware 1.39
Database version: 2500
Windows 5.1.2600 Service Pack 2

7/25/2009 11:30:19 AM
mbam-log-2009-07-25 (11-30-19).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 165646
Time elapsed: 35 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RSIT LOG:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Owner at 2009-07-25 11:40:23
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 174 GB (75%) free of 233 GB
Total RAM: 511 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:38 AM, on 7/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\HJT\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6053 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-16 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-16 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-16 148888]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HPHUPD06"=c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [2004-06-07 49152]
"HPHmon06"=C:\WINDOWS\system32\hphmon06.exe [2004-06-07 659456]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-08-07 180269]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-04-21 286720]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2003-12-17 118784]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-18 7561216]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-05-18 86016]
"avast!"=C:\PROGRA~1\Avast\ashDisp.exe [2009-02-05 81000]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-06 90112]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2005-04-06 2805248]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-04-12 65536]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-03 344064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 3 months======

2009-07-22 03:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-22 03:07:26 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-07-22 03:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-22 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-21 11:45:40 ----A---- C:\WINDOWS\system32\muweb.dll
2009-07-21 11:45:40 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-07-21 11:45:40 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-07-17 13:58:04 ----D---- C:\Program Files\Microsoft
2009-07-17 13:57:43 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-17 13:57:01 ----D---- C:\Program Files\Windows Live
2009-07-17 13:54:21 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-17 13:13:44 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-17 13:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-17 13:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-17 13:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-17 13:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-17 13:13:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-17 13:12:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-17 13:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-17 13:12:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-17 13:12:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-17 13:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-17 13:09:51 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-17 13:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-17 13:07:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-17 13:07:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-17 03:06:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-17 03:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-17 03:06:09 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-07-17 03:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-17 03:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-17 03:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-07-17 03:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-17 03:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-17 03:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-17 03:02:43 ----D---- C:\WINDOWS\system32\PreInstall
2009-07-17 03:02:42 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-07-17 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-17 03:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-17 03:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-17 03:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-17 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-17 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-07-16 17:18:01 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-07-16 17:17:51 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-07-16 17:17:33 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-07-16 13:52:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-16 13:52:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-16 13:52:36 ----A---- C:\WINDOWS\system32\java.exe
2009-07-16 13:52:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-16 13:23:06 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-07-15 23:20:21 ----A---- C:\WINDOWS\ALCFDRTM.EXE
2009-07-14 13:18:37 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-07-14 13:18:36 ----N---- C:\WINDOWS\system32\ChCfg.exe
2009-07-14 13:18:36 ----D---- C:\WINDOWS\system32\RTCOM
2009-07-14 13:18:33 ----D---- C:\Program Files\Realtek
2009-07-14 13:18:32 ----N---- C:\WINDOWS\RtlExUpd.dll
2009-07-14 09:12:53 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-07-14 09:12:51 ----D---- C:\Program Files\Avast
2009-07-13 19:59:52 ----A---- C:\log.txt
2009-07-13 19:54:48 ----D---- C:\WINDOWS\temp
2009-07-13 19:54:46 ----A---- C:\ComboFix.txt
2009-07-13 19:44:08 ----A---- C:\WINDOWS\zip.exe
2009-07-13 19:44:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-13 19:44:08 ----A---- C:\WINDOWS\SWSC.exe
2009-07-13 19:44:08 ----A---- C:\WINDOWS\SWREG.exe
2009-07-13 19:44:08 ----A---- C:\WINDOWS\sed.exe
2009-07-13 19:44:08 ----A---- C:\WINDOWS\PEV.exe
2009-07-13 19:44:08 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-13 19:44:08 ----A---- C:\WINDOWS\grep.exe
2009-07-13 19:44:01 ----D---- C:\Qoobox
2009-07-13 17:28:54 ----D---- C:\rsit
2009-07-13 17:17:08 ----D---- C:\HJT
2009-07-13 16:25:28 ----D---- C:\WINDOWS\ERDNT
2009-07-13 15:49:59 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2009-07-13 15:49:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-13 15:49:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-13 15:48:10 ----D---- C:\Program Files\ERUNT
2009-07-13 13:48:29 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-07-13 13:48:10 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-07-13 13:43:27 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Motive
2009-07-13 13:36:31 ----RSHD---- C:\cmdcons
2009-07-13 13:36:19 ----D---- C:\WINDOWS\setupupd
2009-07-13 13:23:31 ----D---- C:\WINDOWS\system32\Lang
2009-07-13 13:23:00 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-07-13 13:22:24 ----ASH---- C:\Documents and Settings\HP_Owner\Application Data\desktop.ini
2009-07-13 13:22:22 ----SD---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2009-07-13 13:22:22 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Identities
2009-07-13 13:22:22 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2009-07-13 13:22:21 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2009-07-13 13:22:21 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Sun
2009-07-13 13:22:21 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2009-07-13 13:22:21 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Real
2009-07-13 13:20:55 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-13 13:19:07 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2009-07-13 13:19:07 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2009-07-13 13:19:07 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2009-07-13 13:19:07 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2009-07-13 13:19:07 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2009-07-13 13:19:07 ----A---- C:\WINDOWS\system32\IVIresize.dll
2009-07-13 13:18:20 ----A---- C:\WINDOWS\system32\uninst_disp_silently.txt
2009-07-13 13:17:58 ----A---- C:\WINDOWS\system32\uninst_nrm_silently.txt
2009-07-13 13:17:55 ----A---- C:\WINDOWS\system32\uninst_net_silently.txt
2009-07-13 13:17:46 ----A---- C:\WINDOWS\system32\uninst_smb_silently.txt
2009-07-13 13:01:09 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-07-13 13:00:31 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-07-13 12:43:54 ----RHD---- C:\MSOCache
2009-07-13 12:42:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-13 08:59:56 ----D---- C:\Documents and Settings\All Users\Application Data\11307964
2009-07-10 22:08:07 ----D---- C:\Program Files\mIRC
2009-07-10 22:08:07 ----D---- C:\Documents and Settings\HP_Owner\Application Data\mIRC
2009-06-12 15:19:02 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM

======List of files/folders modified in the last 3 months======

2009-07-25 11:34:56 ----D---- C:\WINDOWS
2009-07-25 11:34:00 ----D---- C:\WINDOWS\Prefetch
2009-07-25 11:10:51 ----D---- C:\Program Files\Diablo II
2009-07-25 10:56:11 ----D---- C:\Program Files\Mozilla Firefox
2009-07-23 01:10:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-23 01:10:40 ----SHD---- C:\WINDOWS\Installer
2009-07-23 01:10:40 ----HD---- C:\Config.Msi
2009-07-23 01:09:29 ----A---- C:\WINDOWS\win.ini
2009-07-22 03:15:19 ----D---- C:\WINDOWS\system32
2009-07-22 03:14:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-22 03:08:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-07-22 03:08:20 ----HD---- C:\WINDOWS\inf
2009-07-22 03:07:58 ----A---- C:\WINDOWS\imsins.BAK
2009-07-22 03:07:26 ----RD---- C:\Program Files
2009-07-22 03:04:44 ----D---- C:\Program Files\Microsoft Works
2009-07-22 03:04:38 ----RSD---- C:\WINDOWS\Fonts
2009-07-22 03:04:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-21 17:09:07 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-21 17:08:29 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-21 13:06:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-17 14:54:36 ----D---- C:\WINDOWS\AppPatch
2009-07-17 13:58:17 ----D---- C:\WINDOWS\WinSxS
2009-07-17 13:57:50 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-17 13:54:21 ----D---- C:\Program Files\Common Files
2009-07-17 13:13:56 ----D---- C:\WINDOWS\system32\drivers
2009-07-17 13:13:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-17 13:12:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-17 13:11:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-17 13:09:29 ----D---- C:\WINDOWS\Registration
2009-07-17 13:09:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-17 13:08:42 ----D---- C:\Program Files\Internet Explorer
2009-07-17 13:02:29 ----D---- C:\Program Files\Steam
2009-07-17 12:44:07 ----D---- C:\WINDOWS\system32\wbem
2009-07-17 03:06:21 ----D---- C:\Program Files\Messenger
2009-07-17 03:05:40 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-07-17 03:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-07-16 21:36:23 ----D---- C:\Program Files\World of Warcraft
2009-07-16 13:52:15 ----D---- C:\Program Files\Java
2009-07-16 13:23:23 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-16 13:23:22 ----D---- C:\WINDOWS\Help
2009-07-14 13:20:24 ----D---- C:\WINDOWS\system32\config
2009-07-14 13:18:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-14 00:57:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-14 00:51:31 ----SD---- C:\WINDOWS\Tasks
2009-07-14 00:50:39 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-07-14 00:50:34 ----D---- C:\Program Files\Symantec
2009-07-13 19:52:02 ----A---- C:\WINDOWS\system.ini
2009-07-13 18:36:08 ----D---- C:\Program Files\Hewlett-Packard
2009-07-13 18:35:39 ----D---- C:\Program Files\Easy Internet signup
2009-07-13 16:57:52 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Google
2009-07-13 13:53:26 ----D---- C:\WINDOWS\nview
2009-07-13 13:36:40 ----RASH---- C:\boot.ini
2009-07-13 13:36:31 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-07-13 13:34:13 ----D---- C:\WINDOWS\security
2009-07-13 13:23:01 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-13 13:22:20 ----D---- C:\Documents and Settings
2009-07-13 13:21:15 ----A---- C:\WINDOWS\setuplog.txt
2009-07-13 13:21:13 ----SHD---- C:\System Volume Information
2009-07-13 13:21:05 ----D---- C:\sysprep
2009-07-13 13:20:47 ----RASH---- C:\BOOT.BAK
2009-07-13 13:20:26 ----A---- C:\AUTOEXEC.BAT
2009-07-13 12:55:15 ----HD---- C:\HP
2009-07-13 12:54:59 ----D---- C:\WINDOWS\system
2009-07-13 12:52:30 ----D---- C:\Program Files\Windows NT
2009-07-13 12:52:29 ----D---- C:\Program Files\Windows Media Player
2009-07-13 12:52:29 ----D---- C:\Program Files\Outlook Express
2009-07-13 12:52:29 ----D---- C:\Program Files\NetMeeting
2009-07-13 12:52:21 ----D---- C:\Program Files\Common Files\Services
2009-07-13 12:52:16 ----D---- C:\WINDOWS\system32\ras
2009-07-13 12:52:16 ----D---- C:\WINDOWS\system32\oobe
2009-07-13 12:52:07 ----D---- C:\WINDOWS\system32\icsxml
2009-07-13 12:52:07 ----D---- C:\WINDOWS\system32\ias
2009-07-13 12:51:43 ----D---- C:\WINDOWS\system32\Setup
2009-07-13 12:51:43 ----D---- C:\WINDOWS\system32\Restore
2009-07-13 12:51:41 ----D---- C:\WINDOWS\system32\Com
2009-07-13 12:51:41 ----D---- C:\WINDOWS\srchasst
2009-07-13 12:51:38 ----RD---- C:\WINDOWS\Web
2009-07-13 12:51:38 ----D---- C:\WINDOWS\addins
2009-07-13 12:51:37 ----D---- C:\WINDOWS\Media
2009-07-13 12:51:27 ----D---- C:\WINDOWS\Cursors
2009-07-13 12:51:09 ----RSD---- C:\WINDOWS\assembly
2009-07-13 12:51:09 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-13 12:18:54 ----D---- C:\Program Files\DNA
2009-07-13 12:18:54 ----D---- C:\Documents and Settings\HP_Owner\Application Data\DNA
2009-07-06 23:32:38 ----D---- C:\WINDOWS\Minidump
2009-06-16 07:55:16 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 07:55:16 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-03 12:27:58 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-07 08:44:00 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-28 21:52:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-28 21:52:42 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-28 21:52:42 ----A---- C:\WINDOWS\system32\browseui.dll
2009-04-28 21:52:41 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-04-28 21:52:41 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-28 21:52:41 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-28 21:52:40 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-28 21:52:40 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-04-28 21:52:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-28 21:52:39 ----A---- C:\WINDOWS\system32\mstime.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\inseng.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-28 21:52:37 ----A---- C:\WINDOWS\system32\danim.dll
2009-04-28 21:52:36 ----A---- C:\WINDOWS\system32\cdfview.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-07-17 12160]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-06 13872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-04-15 2564032]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-18 3655712]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
S3 catchme;catchme; \??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-03 730653]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-07-19 218112]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-05-05 142976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast\ashServ.exe [2009-02-05 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-16 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-18 143426]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast\ashWebSv.exe [2009-02-05 352920]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-04-21 401408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

RSIT INFO:

info.txt logfile of random's system information tool 1.06 2009-07-25 11:40:40

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem-->agrsmdel
avast! Antivirus-->C:\Program Files\Avast\aswRunDll.exe "C:\Program Files\Avast\Setup\setiface.dll",RunSetup
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\HJT\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2-->C:\Program Files\HP\Digital Imaging\{5E1494D4-3562-4FFB-B35C-600F80F6934C}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Photo & Imaging 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ402-->MsiExec.exe /X{8D9768AE-DE42-4A04-A461-2361A58C384D}
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 3.5 magicMoments - HPD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}\setup.exe" -l0x9
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090724-0]

======System event log======

Computer Name: YOUR-AE066C3A9B
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

Record Number: 206
Source Name: Service Control Manager
Time Written: 20090713195022.000000-420
Event Type: error
User:

Computer Name: YOUR-AE066C3A9B
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

Record Number: 202
Source Name: Service Control Manager
Time Written: 20090713194531.000000-420
Event Type: error
User:

Computer Name: YOUR-AE066C3A9B
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 170
Source Name: Cdrom
Time Written: 20090713191227.000000-420
Event Type: error
User:

Computer Name: YOUR-AE066C3A9B
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 169
Source Name: Cdrom
Time Written: 20090713191221.000000-420
Event Type: error
User:

Computer Name: YOUR-AE066C3A9B
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
fasttx2k
PCIIde
SISAGP
viaagp1

Record Number: 116
Source Name: Service Control Manager
Time Written: 20090713165925.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-AE066C3A9B
Event Code: 1517
Message: Windows saved user YOUR-AE066C3A9B\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 168
Source Name: Userenv
Time Written: 20090714131920.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-AE066C3A9B
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 84
Source Name: MsiInstaller
Time Written: 20090713183625.000000-420
Event Type: warning
User: YOUR-AE066C3A9B\HP_Owner

Computer Name: YOUR-AE066C3A9B
Event Code: 1517
Message: Windows saved user YOUR-AE066C3A9B\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 56
Source Name: Userenv
Time Written: 20090713165811.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-AE066C3A9B
Event Code: 1517
Message: Windows saved user YOUR-AE066C3A9B\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 33
Source Name: Userenv
Time Written: 20090713135227.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-AE066C3A9B
Event Code: 1517
Message: Windows saved user YOUR-AE066C3A9B\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 17
Source Name: Userenv
Time Written: 20090713133400.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
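An added example, not part of the original thread and not code from RSIT, HijackThis or ComboFix: the Python below parses the driver and service entries of an RSIT log in the format posted above and flags the lines a responder would look at first. Two rules are applied, both my own triage heuristics rather than anything RSIT itself reports: an entry whose brackets are empty (RSIT could not find the binary when it ran), and an entry whose binary sits under a user profile or Temp directory instead of the Windows or Program Files trees. The sample lines are copied from the log above. The one entry it raises, catchme.sys, is most likely a leftover of the GMER rootkit scanner that ComboFix bundles, which the poster had already run on 13 July, so in this thread it is a benign artifact; the value of the check is that it surfaces such entries for a human to confirm rather than letting them hide among forty ordinary drivers.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One RSIT driver/service line looks like:
#   R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
# The bracket carries "<mtime> <size>" when RSIT could stat the binary and is empty when it could not.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

# Lines copied from the RSIT log above; the header line is included to show it is skipped.
SAMPLE_LINES = [
    "======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======",
    r"R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]",
    r"R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]",
    r"S3 catchme;catchme; \??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\catchme.sys []",
    r"R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast\ashServ.exe [2009-02-05 138680]",
    r"R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]",
]

# Heuristic lists (my own, not RSIT's): user-writable places a driver or service binary should not load from,
# and the roots where a legitimately installed binary is expected to live.
SUSPECT_DIRS = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\", "\\recycler\\")
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    state: str           # "R" running, "S" stopped
    start: int           # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    size: Optional[int]  # None when the brackets were empty (file not found at scan time)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headers, blanks and anything else."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    meta = m.group("meta").split()
    size = int(meta[1]) if len(meta) == 2 and meta[1].isdigit() else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display"), m.group("path"), size)


def normalize_path(path: str) -> str:
    """Drop the NT object-manager prefix (\\??\\) some entries carry and lowercase for matching."""
    p = path[4:] if path.startswith("\\??\\") else path
    return p.lower()


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs for entries that deserve a closer look."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        p = normalize_path(e.path)
        if e.size is None:
            findings.append((e.name, "binary not present at scan time (empty brackets)"))
        if any(d in p for d in SUSPECT_DIRS):
            findings.append((e.name, "binary lives under a user profile or temp directory"))
        elif not p.startswith(EXPECTED_ROOTS):
            findings.append((e.name, "binary lives outside the Windows and Program Files trees"))
        if e.start <= 1 and e.size is None:
            # A boot/system-start driver whose file is gone shows up as Service Control Manager
            # event 7026 at the next boot, so this is worth cross-checking against the event log.
            findings.append((e.name, "boot/system-start driver with missing file"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LINES):
        print(f"{name}: {reason}")
```

Run against the full driver and service sections of a log, the output is short enough to read in a reply: every entry from C:\WINDOWS or C:\Program Files with a file size stays silent, and only entries with a missing binary or an unusual load path are printed for confirmation.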

#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 26 July 2009 - 04:40 PM

Hi owner16,

Can you tell me what problems you are having at the moment if any?

ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Post the contents of C:\ComboFix.txt in your next reply.



#5 owner16

  • Topic Starter
  • Members
  • 4 posts

Posted 26 July 2009 - 10:21 PM

I apologize for the misleading information, but at the time I had no sound and the computer didn't seem to register my headset; it seems my drivers were just out of date, and my sound is working fine. I am worried because the first time I ran Malwarebytes I got a ton of malicious programs, and I'm thinking there is more, so I'm hoping you would know what to do.

ComboFix log from when I first ran it:

ComboFix 09-07-13.01 - HP_Owner 07/13/2009 19:45.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.312 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\Desktop\Combo-Fix.exe
FW: Norton Personal Firewall *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
c:\recycler\S-1-5-21-3973978852-2660709590-809095566-1009
c:\windows\Installer\116ef47e.msi
c:\windows\Installer\116ef490.msi
c:\windows\Installer\116ef496.msi
c:\windows\Installer\116ef4ad.msi
c:\windows\Installer\15c7b.msi
c:\windows\Installer\1684e36d.msi
c:\windows\Installer\1684e3b4.msp
c:\windows\Installer\168d3b37.msi
c:\windows\Installer\168d3b38.msp
c:\windows\Installer\168d3b39.msp
c:\windows\Installer\168d3b3a.msp
c:\windows\Installer\168d3b3b.msp
c:\windows\Installer\168d3b3c.msp
c:\windows\Installer\168d3b3d.msp
c:\windows\Installer\168d3b3e.msp
c:\windows\Installer\168d3b3f.msp
c:\windows\Installer\168d3b40.msp
c:\windows\Installer\198d352.msp
c:\windows\Installer\34ef29d.msi
c:\windows\Installer\77820.msi
c:\windows\Installer\82e96.msi
c:\windows\Installer\82e97.msi
c:\windows\Installer\921e7.msi
c:\windows\Installer\afb40ad.msi
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-13 22:49 . 2009-07-13 22:49 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-07-13 22:49 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 22:49 . 2009-07-13 22:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 22:49 . 2009-07-13 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 22:49 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 22:48 . 2009-07-13 22:48 -------- d-----w- c:\program files\ERUNT
2009-07-13 20:48 . 2006-05-18 14:56 180224 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-13 20:48 . 2006-03-17 21:54 180224 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-13 20:43 . 2009-07-13 20:43 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Motive
2009-07-13 20:33 . 2009-07-13 20:33 -------- d-s---w- c:\documents and settings\HP_Owner\UserData
2009-07-13 20:22 . 2004-08-08 14:56 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Symantec
2009-07-13 20:22 . 2004-08-07 21:59 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SampleView
2009-07-13 20:22 . 2004-08-07 21:22 -------- d-----w- c:\documents and settings\HP_Owner\WINDOWS
2009-07-13 20:22 . 2009-07-13 20:33 -------- d-----w- c:\documents and settings\HP_Owner
2009-07-13 20:21 . 2004-08-07 21:37 128 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat
2009-07-13 20:21 . 2004-08-07 21:37 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory
2009-07-13 20:21 . 2004-08-07 21:22 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-07-13 20:21 . 2004-08-07 21:20 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple Computer
2009-07-13 20:21 . 2004-08-07 19:36 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2009-07-13 20:20 . 2003-09-19 08:47 10368 ------w- c:\windows\system32\drivers\pfc.sys
2009-07-13 20:20 . 2003-09-11 06:36 21060 ------w- c:\windows\system32\drivers\iviaspi.sys
2009-07-13 20:19 . 2004-07-27 17:21 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-07-13 20:19 . 2004-07-27 17:21 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-07-13 20:19 . 2004-07-27 17:21 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-07-13 20:19 . 2004-07-27 17:21 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-07-13 20:19 . 2004-07-27 17:21 20480 ----a-w- c:\windows\system32\IVIresize.dll
2009-07-13 20:19 . 2004-07-27 17:21 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-07-13 20:01 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-13 20:01 . 2004-08-04 05:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-13 19:59 . 2004-08-04 06:10 61056 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-07-13 19:59 . 2004-08-04 06:10 53248 ----a-w- c:\windows\system32\drivers\1394bus.sys
2009-07-13 19:59 . 2001-08-17 20:46 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-07-13 19:43 . 2009-07-13 19:51 -------- d--h--r- C:\MSOCache
2009-07-13 19:42 . 2009-07-13 20:48 -------- dcsh--r- c:\windows\system32\dllcache
2009-07-13 15:59 . 2009-07-13 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\11307964
2009-07-11 05:08 . 2009-07-11 05:34 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\mIRC
2009-07-11 05:08 . 2009-07-11 05:24 -------- d-----w- c:\program files\mIRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 02:51 . 2004-08-08 14:56 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-14 01:37 . 2004-08-08 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-14 01:36 . 2004-08-07 20:38 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-14 01:36 . 2004-08-07 21:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 01:35 . 2004-08-07 21:42 -------- d-----w- c:\program files\Easy Internet signup
2009-07-13 23:13 . 2009-04-13 06:16 -------- d-----w- c:\program files\Diablo II
2009-07-13 20:23 . 2009-07-13 20:22 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-07-13 20:22 . 2009-07-13 20:22 3990 --sha-r- c:\windows\system32\drivers\HP_PN153AA-ABA A785C_YC_Pavi_QMXR444_E44NAheBLU5_4_IPuffer_SASUSTeK Computer INC._V1.xx_B3.09_T041011_WXH2_L409_M512_J250_7Intel_8Pentium 4_93.4_111063044_N10EC8139_P_Z11C1048C_K_A_U80862658_G10DE0391.MRK
2009-07-13 19:18 . 2009-03-21 15:58 -------- d-----w- c:\program files\DNA
2009-07-13 19:18 . 2009-03-21 15:58 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\DNA
2009-07-05 07:33 . 2008-07-04 09:43 -------- d-----w- c:\program files\Steam
2009-06-12 22:19 . 2009-06-12 22:19 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AdobeUM
2009-06-04 04:09 . 2008-02-28 05:02 -------- d-----w- c:\program files\World of Warcraft
2008-11-26 04:37 . 2008-11-26 04:37 1615 ----a-w- c:\program files\QuickTime Player.lnk
2008-11-26 04:31 . 2008-11-26 04:30 68756776 ----a-w- c:\program files\iTunesSetup.exe
2009-06-14 23:13 . 2008-06-30 03:50 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2004-08-04 06:59 2015232 FB142B7007CA2EEA76966C6C5CC12150 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2015232 3CD941E472DDF3534E53038535719771 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 08:38 2015744 A58AC1C6199EF34228ABEE7FC057AE09 c:\windows\system32\ntkrnlpa.exe
[7] 2004-08-04 19:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2004-08-04 07:18 2148352 626309040459C3915997EF98EC1C8D40 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:57 2135552 48B3E89AF7074CEE0314A3E0C7FAFFDB c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 09:08 2136064 1220FAF071DEA8653EE21DE7DCDA8BFD c:\windows\system32\ntoskrnl.exe
[7] 2004-08-04 19:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\ntoskrnl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-08-07 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 180269]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-04-22 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-12-09 70776]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\cfgwiz.exe" [2004-01-21 124056]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-06 218240]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-18 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-18 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-18 86016]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-30 88363]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-02 73728]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-07-06 2550272]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-18 1519616]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-7 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=

.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\defrag.exe [2004-08-07 19:00]

2004-08-08 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-08 08:38]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-VTTimer - VTTimer.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 19:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Java\j2re1.4.2_03\bin\jucheck.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
.
**************************************************************************
.
Completion time: 2009-07-14 19:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-14 02:54

Pre-Run: 186,058,469,376 bytes free
Post-Run: 186,067,890,176 bytes free

197

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 27 July 2009 - 09:38 AM

Hi again,

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Then please post back with the Kaspersky report and a fresh RSIT log.

Thanks


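The reply above asks the poster to uninstall every older Java runtime through Add/Remove Programs and then install 6 Update 14. A quick way to confirm nothing old is left behind is to list the Java entries Windows itself records under the Uninstall registry keys. The script below is an added example for this thread, not a tool from BleepingComputer or from syler's instructions; it assumes PowerShell is available on the machine (it is not installed by default on Windows XP) and that the name pattern `Java|J2SE|JRE` catches the relevant entries, which is an assumption.

```powershell
# Added example (not part of the original thread): inventory installed Java runtimes
# from the Windows Uninstall registry keys so leftover old versions can be spotted.
# Assumes the standard Uninstall key layout; the name pattern below is an assumption.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # only on 64-bit Windows
)

$javaEntries = foreach ($key in $uninstallKeys) {
    if (Test-Path $key) {
        Get-ChildItem $key |
            ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object { $_.DisplayName -match '^(Java|J2SE|JRE)' } |
            Select-Object DisplayName, DisplayVersion, UninstallString
    }
}

if (-not $javaEntries) {
    Write-Output 'No Java runtime entries found in the Uninstall keys.'
} else {
    # Oldest first: anything older than the version you just installed is a
    # candidate for removal via Add/Remove Programs (or its UninstallString).
    $javaEntries | Sort-Object DisplayVersion | Format-Table -AutoSize
}
```

Run it once before the uninstall round to see how many entries there are, and again after the reboot: the post-reboot run should show only the newly installed runtime. Entries such as the `j2re1.4.2_03` install visible in the log above would appear here with their 1.4.2 version string.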

#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 31 July 2009 - 06:12 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
