
Google redirects, my computer stalling then freezing


This topic is locked
5 replies to this topic

#1 MrPC2

MrPC2

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:31 PM

Posted 04 August 2009 - 04:49 PM

Hope this is now in the correct location, sorry for the inconvenience.

I have been running scans and the CA firewall, but new issues seem to arise. Hope you can help.


DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Administrator at 16:46:59.98 on Tue 08/04/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3063.1824 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: Outpost Firewall Pro *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
FW: CA Personal Firewall *enabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SYSTEM32\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
L:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pando] "c:\program files\pando networks\pando\Pando.exe" /Minimized
uRun: [<NO NAME>]
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [High Definition Audio Property Page Shortcut] "c:\windows\system32\HDAShCut.exe"
mRun: [SoundMan] "c:\windows\SOUNDMAN.EXE"
mRun: [AlcWzrd] "c:\windows\ALCWZRD.EXE"
mRun: [igfxtray] "c:\windows\system32\igfxtray.exe"
mRun: [igfxhkcmd] "c:\windows\system32\hkcmd.exe"
mRun: [igfxpers] "c:\windows\system32\igfxpers.exe"
mRun: [MaxBlastMonitor.exe] "c:\program files\maxtor\maxblast\MaxBlastMonitor.exe"
mRun: [AcronisTimounterMonitor] "c:\program files\maxtor\maxblast\TimounterMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [dvHighMem] c:\windows\cfgmng32.exe
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [cafwc] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [<NO NAME>]
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [DMXLauncher] c:\program files\roxio\cineplayer\DMXLauncher.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\torrent episode downloader\ted.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156064494640
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156067618437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://www.verizon.net/checkmypc/includes/MotivePreQual.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CD69D6AB-0D0D-4082-B3CF-6E5381FA227B} - hxxp://www.detto.com/hpadvisor/DTMigAdv.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {16D904DB-A2E0-4EC4-9E1F-856EDD4AAFD6} = 66.133.170.2,170.215.255.114
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: PFW - UmxWnp.Dll
AppInit_DLLs: gtohhc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqQJDWp relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\4e16pftu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Searchalot
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\4e16pftu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\4e16pftu.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-7-23 26376]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-7-23 21128]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-7-23 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-7-23 21512]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-7-23 32264]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-11-2 41456]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-7-23 144960]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-6-24 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-6-24 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-6-24 281104]
R2 USBDriver;USBDriver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-7-23 242952]
R2 WinSvchostManager;WinSock Svchost Manager;c:\windows\system32\svcprs32.exe [2009-7-23 811008]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2008-12-3 36224]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2007-8-16 189704]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-7-23 108368]
S1 c2scsi;c2scsi; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-8-3 66056]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
S4 RoxLiveShare10;LiveShare P2P Server 10; [x]
S4 SessionLauncher;SessionLauncher; [x]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-08-04 16:36 <DIR> --d----- c:\program files\Trend Micro
2009-08-04 09:48 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-08-04 09:48 <DIR> --d----- c:\program files\MSECACHE
2009-08-04 09:42 135,168 a------- c:\windows\system32\REN9DD.tmp
2009-08-01 11:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OrbNetworks
2009-08-01 11:03 <DIR> --d----- c:\program files\Winamp Remote
2009-08-01 08:36 <DIR> --d----- c:\program files\SQL Maestro Group
2009-08-01 08:36 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\SQLyog
2009-08-01 08:35 <DIR> --d----- c:\program files\SQLyog Enterprise Trial
2009-07-31 22:36 <DIR> --d----- c:\program files\SpacialAudio
2009-07-31 22:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Linksys
2009-07-31 22:20 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{35ACA973-70F0-495F-9092-74A130711865}
2009-07-31 22:19 <DIR> --d----- c:\program files\Linksys
2009-07-31 22:18 <DIR> --d----- c:\program files\WebEx
2009-07-31 22:18 23,984 a------- c:\windows\system32\drivers\pnarp.sys
2009-07-31 22:18 25,264 a------- c:\windows\system32\drivers\purendis.sys
2009-07-31 22:18 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-07-31 22:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-07-31 22:16 939,368 a----r-- c:\windows\system32\myflash.ocx
2009-07-31 21:10 <DIR> --d----- c:\program files\MySQL
2009-07-31 21:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MySQL
2009-07-31 21:01 <DIR> --d----- c:\program files\Free M4a to MP3 Converter
2009-07-26 04:07 1,939 a------- C:\temp.png
2009-07-26 04:05 <DIR> --d----- c:\program files\InterActual
2009-07-24 07:39 82,788 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-07-24 07:39 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-07-24 07:39 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-07-24 07:39 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-07-24 07:39 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-07-24 07:39 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-07-24 07:39 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-07-24 07:39 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-07-24 07:32 540 a------- c:\windows\system32\CTSTATUS.FCS
2009-07-23 22:26 880,560 a------- c:\windows\system32\drivers\vetefile.sys
2009-07-23 22:26 108,368 a------- c:\windows\system32\drivers\veteboot.sys
2009-07-23 22:16 <DIR> --d----- c:\program files\common files\Scanner
2009-07-23 22:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CA
2009-07-23 22:14 <DIR> --d----- c:\program files\CA
2009-07-23 08:10 105,472 -------- c:\windows\system32\dllcache\dfrgntfs.exe
2009-07-21 19:59 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\InfraRecorder
2009-07-21 08:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-07-21 08:30 823 a------- c:\windows\system32\MMDRIVER.IN_
2009-07-20 16:54 0 a------- c:\windows\system32\SBRC.dat
2009-07-20 15:24 <DIR> --d----- c:\program files\Sunbelt Software
2009-07-19 19:51 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\IObit
2009-07-19 19:51 <DIR> --d----- c:\program files\IObit
2009-07-16 15:36 <DIR> --d----- c:\documents and settings\hp_administrator\Interactive
2009-07-16 15:36 <DIR> --d----- c:\documents and settings\hp_administrator\log
2009-07-16 15:35 46,456 a----r-- c:\windows\system32\exitwx.exe
2009-07-15 14:25 <DIR> --d----- c:\windows\LocalSSL
2009-07-14 19:43 <DIR> --d----- c:\program files\Free Create-Burn ISO Image
2009-07-14 19:36 45,056 a------- c:\windows\system32\WNASPI32.DLL
2009-07-14 19:36 16,877 a------- c:\windows\system32\drivers\ASPI32.SYS
2009-07-14 19:36 <DIR> --d----- c:\program files\Free Burn MP3-CD
2009-07-14 17:52 <DIR> --d----- c:\program files\Nero
2009-07-14 17:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-07-11 15:57 <DIR> --d----- c:\program files\VideoLAN
2009-07-11 15:24 <DIR> --d----- c:\program files\Cobian Backup 9
2009-07-09 20:28 <DIR> --d----- c:\program files\MagicDisc
2009-07-07 14:35 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\KC Softwares

==================== Find3M ====================

2009-08-04 10:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-23 22:16 2,105,344 a------- c:\windows\system32\win32cpr.dll
2009-07-23 22:16 1,433,699 a------- c:\windows\system32\winsflt.dll
2009-07-19 09:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 07:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 04:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 04:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-26 15:39 261 a------- c:\docume~1\hp_adm~1\applic~1\shedl.bat
2009-06-26 15:38 1,695,744 a------- c:\docume~1\hp_adm~1\applic~1\NTuser3.exe
2009-06-26 15:38 1,695,744 a------- c:\docume~1\hp_adm~1\applic~1\NTuser.exe
2009-06-17 11:27 38,160 -------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 -------- c:\windows\system32\drivers\mbam.sys
2009-06-16 10:36 119,808 -------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 01:18 108,343 -------- c:\windows\system32\trewzvbf.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-31 19:10 3,532 -------- C:\drmHeader.bin
2009-05-07 11:32 345,600 -------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2008-01-18 20:49 87,608 a------- c:\docume~1\hp_adm~1\applic~1\inst.exe
2008-01-18 20:49 47,360 a------- c:\docume~1\hp_adm~1\applic~1\pcouffin.sys
2007-06-24 17:53 87,608 a------- c:\docume~1\hp_adm~1\applic~1\ezpinst.exe
2006-10-20 13:52 42,580,512 a------- c:\documents and settings\hp_administrator\PR1227-.bin
2006-07-06 20:47 52,376 a------- c:\docume~1\hp_adm~1\applic~1\GDIPFONTCACHEV1.DAT
2006-04-25 01:52 13 ----h--- c:\docume~1\alluse~1\applic~1\┘Ţ├─3113Ť.sys
2005-07-29 23:53 479 ---shr-- c:\windows\dsrnthsove.dat
2005-11-02 13:10 128 ---shr-- c:\windows\Regbak.dat
2004-08-10 08:00 94,784 ---sh--- c:\windows\twain.dll
2008-04-13 20:12 50,688 ---sh--- c:\windows\twain_32.dll
2004-08-20 09:26 1,216 ---sh--- c:\windows\Twunk_16.dll
2004-08-20 09:26 1,216 ---sh--- c:\windows\Twunk_32.dll
2002-07-31 19:55 106 ---sh--- c:\windows\WSYS049.SYS
2006-08-30 23:42 759 ---shr-- c:\windows\hp_administrator\local settings\application data\microsoft\ts config\MSttinantd.dll
2005-10-03 15:56 22 ---sh--- c:\windows\sminst\HPCD.sys
2005-07-29 23:53 479 ---shr-- c:\windows\system32\MSvonrsrvs.dll

============= FINISH: 16:47:47.79 ===============


#2 MrPC2

MrPC2
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:31 PM

Posted 05 August 2009 - 06:49 AM

Also wanted to add: HijackThis won't open; tried from the shortcut as well as from Program Files.
Any ideas greatly appreciated.
Also attached is the attach file.
Thanks for the reply.

Hello MrPC2,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Attached Files


Edited by The weatherman, 08 August 2009 - 06:20 PM.


#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:31 PM

Posted 14 August 2009 - 01:49 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 MrPC2

MrPC2
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:31 PM

Posted 15 August 2009 - 08:51 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-08-15 21:48:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 63 GB (27%) free of 230 GB
Total RAM: 3063 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:51 PM, on 8/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
L:\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\SYSTEM32\HDAShCut.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [AlcWzrd] "C:\WINDOWS\ALCWZRD.EXE"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [MaxBlastMonitor.exe] "C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ProcessSupervisorGUI] C:\Program Files\Process Lasso\processlasso.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKUS\S-1-5-21-620847482-1603870078-4132299695-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-620847482-1603870078-4132299695-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-620847482-1603870078-4132299695-500\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" (User 'Administrator')
O4 - Startup: Shortcut to ted.lnk = C:\Program Files\Torrent Episode Downloader\ted.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related/st...geUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156064494640
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156067618437
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CD69D6AB-0D0D-4082-B3CF-6E5381FA227B} (MigrationAdvisor Class) - http://www.detto.com/hpadvisor/DTMigAdv.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16D904DB-A2E0-4EC4-9E1F-856EDD4AAFD6}: NameServer = 66.133.170.2,170.215.255.114
O17 - HKLM\System\CS1\Services\Tcpip\..\{16D904DB-A2E0-4EC4-9E1F-856EDD4AAFD6}: NameServer = 66.133.170.2,170.215.255.114
O17 - HKLM\System\CS2\Services\Tcpip\..\{16D904DB-A2E0-4EC4-9E1F-856EDD4AAFD6}: NameServer = 66.133.170.2,170.215.255.114
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: gtohhc.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Dantz - C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe

--
End of file - 13547 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as HP_Administrator at 10 16 PM.job
C:\WINDOWS\tasks\IObit Security 360.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\SYSTEM32\HDAShCut.exe [2005-01-07 61952]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"MaxBlastMonitor.exe"=C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe [2007-04-20 1169720]
"AcronisTimounterMonitor"=C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe [2007-04-20 1945712]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe [2007-04-20 149024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SmartDefrag"=C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-02 2453264]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2009-07-30 177392]
"dvHighMem"=C:\WINDOWS\cfgmng32.exe [2007-11-19 10924032]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2009-07-30 230664]
"cafwc"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe [2009-07-23 1193200]
"capfasem"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe [2009-07-23 173296]
""= []
"capfupgrade"=C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe [2009-07-23 259312]
"DMXLauncher"=C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe [2006-07-26 102400]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2009-07-23 14088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"ProcessSupervisorGUI"=C:\Program Files\Process Lasso\processlasso.exe [2009-06-30 335888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2006-09-21 474112]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-01-30 1432064]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Pando"=C:\Program Files\Pando Networks\Pando\Pando.exe [2009-07-08 4045496]
""= []
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-03-31 507904]
"ProcessGovernor"=C:\Program Files\Process Lasso\processgovernor.exe [2009-06-30 174608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHIN PING PHONE PILE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-22 188416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [2006-03-27 712704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-03-31 507904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\pando.exe [2009-07-08 4045496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe [2006-02-06 18583552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TEAM PLAY]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tunebite.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\utorrent.exe [2009-08-02 288048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^StartUp^AWU254 Wireless Client Utility.lnk]
C:\PROGRA~1\AZiO\AWU254\INSTAL~1\WINXP\AWU254~1.EXE [2007-04-30 602112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^StartUp^Yahoo! Widgets.lnk]
[]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\StartUp
Shortcut to ted.lnk - C:\Program Files\Torrent Episode Downloader\ted.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="gtohhc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW]
C:\WINDOWS\SYSTEM32\UmxWnp.Dll [2007-05-18 79368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\urqQJDWp
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\EZ-2-Serve\mIRC.exe"="C:\EZ-2-Serve\mIRC.exe:*:Enabled:mIRC"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:utorrent"
"C:\Program Files\BPFTP Server\bpftpserver.exe"="C:\Program Files\BPFTP Server\bpftpserver.exe:*:Enabled:BulletProof FTP Server (http://www.bpftpserver.com)"
"C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit - C:\WINDOWS\system32\Notepad.exe %1
.js - open - C:\WINDOWS\system32\WScript.exe "%1" %*
.vbs - edit - C:\WINDOWS\system32\Notepad.exe %1
.vbs - open - C:\WINDOWS\system32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-08-15 21:48:09 ----D---- C:\rsit
2009-08-15 09:19:42 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\ProcessLasso
2009-08-15 09:19:35 ----D---- C:\Program Files\Process Lasso
2009-08-14 13:53:48 ----D---- C:\WINDOWS\CAVTemp
2009-08-13 13:30:28 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-08-13 13:30:28 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-08-13 13:30:28 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-08-13 13:30:27 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-08-13 13:30:27 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-08-13 13:30:27 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-08-13 13:30:27 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-08-13 13:30:27 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-08-13 13:30:27 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-08-13 13:30:26 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-08-13 13:30:26 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-08-13 13:30:26 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-08-13 13:30:26 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-08-13 13:30:25 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-08-13 13:30:25 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-08-13 13:30:25 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-08-13 13:30:25 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-08-13 13:30:25 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-08-13 13:30:25 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-08-13 13:30:24 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-08-13 13:30:24 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-08-13 13:30:24 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-08-13 13:30:24 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-08-13 13:30:23 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-08-13 13:30:23 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-08-13 13:30:23 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-08-13 13:30:23 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-08-13 13:30:22 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-08-13 13:30:21 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-08-13 13:30:21 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-08-13 13:30:21 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-08-13 13:30:21 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-08-13 13:30:21 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-08-13 13:30:20 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-08-13 13:30:20 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-08-13 13:30:20 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-08-13 13:30:20 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-08-13 13:30:19 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-08-13 13:30:19 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-08-13 13:30:19 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-08-13 13:30:19 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-08-13 13:30:18 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-08-13 13:30:18 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-08-13 13:30:17 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-08-13 13:30:17 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-08-13 13:30:16 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-08-13 13:30:15 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-08-13 13:28:40 ----D---- C:\WINDOWS\Logs
2009-08-13 03:04:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 03:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 03:01:06 ----A---- C:\WINDOWS\imsins.BAK
2009-08-13 03:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-10 14:24:59 ----A---- C:\WINDOWS\iun6002.exe
2009-08-10 14:24:58 ----D---- C:\Program Files\JustKaraoke
2009-08-09 02:37:33 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\vlc
2009-08-08 09:42:44 ----D---- C:\Program Files\Apple Software Update
2009-08-08 09:42:44 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-06 13:29:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-06 12:21:17 ----D---- C:\Program Files\Panda Security
2009-08-05 16:24:16 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2009-08-04 16:36:37 ----D---- C:\Program Files\Trend Micro
2009-08-04 09:48:36 ----D---- C:\Program Files\Windows Installer Clean Up
2009-08-04 09:48:26 ----D---- C:\Program Files\MSECACHE
2009-08-03 16:44:22 ----D---- C:\Program Files\NOS
2009-08-03 16:44:22 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-08-03 01:25:52 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-08-01 11:03:45 ----D---- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2009-08-01 11:03:43 ----D---- C:\Program Files\Winamp Remote
2009-08-01 08:36:42 ----D---- C:\Program Files\SQL Maestro Group
2009-08-01 08:36:03 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\SQLyog
2009-08-01 08:35:46 ----D---- C:\Program Files\SQLyog Enterprise Trial
2009-07-31 22:36:54 ----D---- C:\Program Files\SpacialAudio
2009-07-31 22:21:10 ----D---- C:\Documents and Settings\All Users\Application Data\Linksys
2009-07-31 22:20:51 ----HDC---- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2009-07-31 22:19:26 ----D---- C:\Program Files\Linksys
2009-07-31 22:18:55 ----D---- C:\Program Files\WebEx
2009-07-31 22:18:08 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-07-31 22:17:51 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-07-31 21:10:22 ----D---- C:\Program Files\MySQL
2009-07-31 21:10:22 ----D---- C:\Documents and Settings\All Users\Application Data\MySQL
2009-07-31 21:01:14 ----D---- C:\Program Files\Free M4a to MP3 Converter
2009-07-26 04:05:43 ----D---- C:\Program Files\InterActual
2009-07-23 22:16:57 ----A---- C:\WINDOWS\system32\vetredir.dll
2009-07-23 22:16:57 ----A---- C:\WINDOWS\system32\isafprod.dll
2009-07-23 22:16:57 ----A---- C:\WINDOWS\system32\isafeif.dll
2009-07-23 22:16:54 ----A---- C:\caavsetupLog.txt
2009-07-23 22:16:42 ----A---- C:\WINDOWS\system32\mkghj.dll
2009-07-23 22:16:35 ----D---- C:\Program Files\Common Files\Scanner
2009-07-23 22:16:11 ----A---- C:\WINDOWS\system32\winsflt.dll
2009-07-23 22:16:11 ----A---- C:\WINDOWS\system32\win32cpr.dll
2009-07-23 22:16:11 ----A---- C:\WINDOWS\system32\svcprs32.exe
2009-07-23 22:16:11 ----A---- C:\WINDOWS\system32\mdmcls32.exe
2009-07-23 22:16:09 ----D---- C:\WINDOWS\rnapxs
2009-07-23 22:16:09 ----A---- C:\WINDOWS\system32\winsflte.dll
2009-07-23 22:16:09 ----A---- C:\WINDOWS\system32\sporder.dll
2009-07-23 22:16:09 ----A---- C:\WINDOWS\cfgmng32.exe
2009-07-23 22:14:47 ----D---- C:\Documents and Settings\All Users\Application Data\CA
2009-07-23 22:14:46 ----D---- C:\Program Files\CA
2009-07-23 22:14:01 ----A---- C:\caisslog.txt
2009-07-21 19:59:16 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\InfraRecorder
2009-07-21 11:01:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-21 08:55:03 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2009-07-20 15:24:58 ----D---- C:\Program Files\Sunbelt Software
2009-07-19 19:51:24 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\IObit
2009-07-19 19:51:23 ----D---- C:\Program Files\IObit
2009-07-16 15:35:28 ----RA---- C:\WINDOWS\system32\exitwx.exe

======List of files/folders modified in the last 1 months======

2009-08-15 21:48:27 ----D---- C:\WINDOWS\TEMP
2009-08-15 21:48:08 ----D---- C:\WINDOWS\Prefetch
2009-08-15 21:37:53 ----D---- C:\Program Files\Mozilla Firefox
2009-08-15 21:37:44 ----D---- C:\Program Files\Mozilla Thunderbird
2009-08-15 14:01:12 ----D---- C:\WINDOWS\system32
2009-08-15 14:01:12 ----D---- C:\WINDOWS
2009-08-15 09:19:35 ----D---- C:\Program Files
2009-08-14 13:53:17 ----D---- C:\WINDOWS\Registration
2009-08-14 13:51:19 ----D---- C:\WINDOWS\system32\drivers
2009-08-14 10:55:03 ----HD---- C:\Config.Msi
2009-08-14 10:54:54 ----SHD---- C:\WINDOWS\Installer
2009-08-14 10:33:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-14 10:33:19 ----D---- C:\Program Files\ESET
2009-08-14 07:55:04 ----D---- C:\Program Files\PeerGuardian2
2009-08-14 03:02:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-14 03:00:44 ----HD---- C:\WINDOWS\inf
2009-08-14 03:00:43 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-13 13:37:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 13:37:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-13 13:30:28 ----D---- C:\WINDOWS\system32\DirectX
2009-08-13 13:27:12 ----D---- C:\WINDOWS\Help
2009-08-13 03:04:21 ----RSD---- C:\WINDOWS\assembly
2009-08-13 03:02:57 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-13 03:01:38 ----D---- C:\Program Files\Outlook Express
2009-08-09 22:05:16 ----D---- C:\EZ-2-Serve
2009-08-08 09:43:49 ----D---- C:\Program Files\QuickTime
2009-08-08 09:42:56 ----SD---- C:\WINDOWS\Tasks
2009-08-08 04:39:35 ----D---- C:\Program Files\BPFTP Server
2009-08-06 13:15:13 ----D---- C:\Program Files\Java
2009-08-05 16:15:04 ----D---- C:\Program Files\RegCure
2009-08-05 12:38:25 ----D---- C:\My Downloads
2009-08-05 05:01:48 ----N---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-02 20:37:04 ----D---- C:\Program Files\uTorrent
2009-08-02 17:28:18 ----SHD---- C:\WINDOWS\CSC
2009-08-01 11:05:39 ----D---- C:\Program Files\Winamp
2009-08-01 09:46:17 ----D---- C:\Program Files\SHOUTcast
2009-07-31 22:18:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-31 22:18:08 ----D---- C:\WINDOWS\WinSxS
2009-07-31 22:18:08 ----D---- C:\Program Files\Common Files
2009-07-31 20:44:30 ----D---- C:\Program Files\Microsoft SQL Server
2009-07-30 17:12:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 03:16:37 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-29 03:11:10 ----D---- C:\Program Files\Common Files\Merge Modules
2009-07-29 03:01:04 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 03:01:04 ----D---- C:\Program Files\Internet Explorer
2009-07-29 03:00:51 ----D---- C:\WINDOWS\ie7updates
2009-07-27 17:44:53 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-26 15:01:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-26 04:06:50 ----A---- C:\WINDOWS\wininit.ini
2009-07-26 04:05:10 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-07-26 04:05:01 ----D---- C:\Program Files\Roxio
2009-07-25 18:46:41 ----D---- C:\Program Files\Pando Networks
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-24 15:49:52 ----D---- C:\Program Files\LimeWireTurbo
2009-07-24 15:04:03 ----D---- C:\Program Files\Replay Media Catcher
2009-07-23 17:13:55 ----D---- C:\WINDOWS\system32\config
2009-07-23 08:11:37 ----D---- C:\Program Files\Defraggler
2009-07-21 18:03:10 ----D---- C:\temp
2009-07-21 17:47:58 ----D---- C:\WINDOWS\system32\wbem
2009-07-21 10:45:46 ----D---- C:\WINDOWS\I386
2009-07-21 09:37:48 ----D---- C:\WINDOWS\Minidump
2009-07-21 09:37:48 ----D---- C:\WINDOWS\Debug
2009-07-19 19:52:43 ----D---- C:\WINDOWS\system32\Restore
2009-07-19 19:52:42 ----SHD---- C:\System Volume Information
2009-07-19 19:49:37 ----D---- C:\Program Files\Ashampoo
2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-18 00:41:46 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Vso
2009-07-17 15:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-16 15:36:25 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 KmxAgent;KmxAgent; C:\WINDOWS\System32\DRIVERS\kmxagent.sys [2008-06-24 63504]
R1 KmxFile;KmxFile; C:\WINDOWS\System32\DRIVERS\KmxFile.sys [2008-06-24 45584]
R1 KmxFw;KmxFw; C:\WINDOWS\System32\DRIVERS\kmxfw.sys [2008-06-24 115216]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2009-07-23 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-08-20 21128]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-21 8064]
R2 KmxCF;KmxCF; C:\WINDOWS\System32\DRIVERS\KmxCF.sys [2008-06-24 134648]
R2 KmxSbx;KmxSbx; C:\WINDOWS\System32\DRIVERS\KmxSbx.sys [2008-06-24 66576]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-01-20 32768]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-09-14 20096]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 KmxCfg;KmxCfg; C:\WINDOWS\System32\DRIVERS\kmxcfg.sys [2008-06-24 88816]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\LNE100V5.sys [2001-10-24 36224]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-18 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-02 10368]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2009-07-23 108368]
S1 c2scsi;c2scsi; C:\WINDOWS\system32\drivers\c2scsi.sys []
S1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2002-11-22 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2002-11-22 16112]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2002-11-22 18928]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2005-04-06 15360]
S3 neokdss;neokdss; C:\WINDOWS\system32\Drivers\neokdss.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
S3 RT73;AWU254 Wireless Adapter; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-15 71168]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2007-12-11 26784]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IFP700;iRiver Internet Audio Player IFP-700; C:\WINDOWS\system32\drivers\ifp700.sys []
S4 MREMPR5;MREMPR5 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MREMPR5.sys []
S4 MRENDIS5;MRENDIS5 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\MRENDIS5.sys []
S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2007-08-18 57328]
S4 SABProcEnum;SABProcEnum; C:\WINDOWS\system32\drivers\SABProcEnum.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 NTService1;MaxSyncService; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [2006-02-07 106496]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 RetroExpLauncher;Retrospect Express HD Launcher; C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe [2006-02-06 73728]
R2 UmxAgent;HIPS Event Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [2008-06-24 1010192]
R2 UmxCfg;HIPS Configuration Interpreter; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [2008-06-24 801296]
R2 UmxFwHlp;HIPS Firewall Helper; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe [2008-06-24 145936]
R2 UmxPol;HIPS Policy Manager; C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe [2008-06-24 281104]
R2 USBDriver;USBDriver; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2009-07-30 242952]
R2 WinSvchostManager;WinSock Svchost Manager; C:\WINDOWS\system32\svcprs32.exe [2007-11-19 811008]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-07-30 214256]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 RetroExp Helper;Retrospect Express HD Helper; C:\PROGRA~1\RETROS~1\RETROS~1.1\rthlpsvc.exe [2006-02-06 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2002-11-22 77824]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-10-15 243056]

-----------------EOF-----------------
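The driver and service sections above share one line format, `<state><start> name;description; path [date size]`, with the legend given in their headers. As an added example that is not part of this thread or of the RSIT tool that produced the log, here is a small Python parser for that format that turns each line into a record and flags the entries a helper would typically look at first: lines where the log recorded no file date or size (`[]`), NT object-manager paths (`\??\`), and services whose image is `svchost.exe`, where the actual code lives in a ServiceDll the log does not show. The sample lines are copied from the log above; the flag names and the function names are my own choices.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied verbatim from the driver/service
# sections of the RSIT log above.
SAMPLE = r"""
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 USBDriver;USBDriver; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
"""

# state (R/S), start type (0-4), name, description, image path, "[date size]"
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*) \[([^\]]*)\]$")
STATE = {"R": "running", "S": "stopped"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}


@dataclass
class Entry:
    state: str
    start: str
    name: str
    description: str
    image_path: str
    file_date: Optional[str]  # None when the log recorded "[]"
    file_size: Optional[int]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one list line; return None for headers, blanks and unknown lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, desc, path, meta = m.groups()
    date, size = None, None
    if meta:
        date, size_str = meta.split()
        size = int(size_str)
    return Entry(STATE[state], START[start], name, desc, path, date, size)


def parse_list(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entry: Entry) -> List[str]:
    """Return the review flags (my own labels) that apply to one entry."""
    flags = []
    if entry.file_date is None:
        # The tool found no file to stamp: the binary may be missing, or the
        # image path is not a plain file path (e.g. a command line).
        flags.append("no-file-metadata")
    if entry.image_path.startswith("\\??\\"):
        # NT object-manager path form rather than a Win32 path.
        flags.append("nt-object-path")
    if ntpath.basename(entry.image_path).lower() == "svchost.exe":
        # Shared host process: the service's code is in a ServiceDll that
        # this log format does not show, so resolve it from the registry.
        flags.append("hosted-in-svchost")
    return flags


def report(text: str) -> Dict[str, List[str]]:
    """Map service/driver name -> flags for every parsable line in `text`."""
    return {e.name: triage(e) for e in parse_list(text)}


if __name__ == "__main__":
    for entry in parse_list(SAMPLE):
        flags = triage(entry)
        if flags:
            print(f"{entry.name:12} {entry.state:8} {entry.start:8} {', '.join(flags)}")
```

Feed the whole log section to `report()` rather than the sample to get a flag map for every driver and service; a flag marks an entry to verify, not a verdict.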

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 17 August 2009 - 10:14 AM

The item(s) below indicate(s) you have installed .

C:\Program Files\uTorrent\uTorrent.exe

Since the nature of P2P programs is counterproductive to restoring your PC to a healthy state, I ask that you remove P2P file sharing programs prior to my providing you with malware removal assistance. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer.

The people who design and distribute malware will use any method to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular method is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.
To remove the P2P program:
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight , click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
  • Using Windows Explorer (Windows key+e), search for the folder. If the program folder is still there, select/highlight . DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.
  • Close Windows Explorer.
There is a Video showing how to uninstall a program (Grinler) detailing how to add or remove a program in Windows for those who find a visual aid appealing. NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

I am not asking you to remove the P2P program(s) without giving you good reasons for doing so.
  • P2P programs form a direct conduit on to your computer.
  • P2P security measures are easily circumvented.
  • Some P2P programs will share everything on the computer with anyone by default. If your P2P program is not configured correctly, you may be sharing more files than you realize.
  • There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
  • P2P programs have always been a target of malware writers. There are more Viruses, Worms and Trojans being distributed with the downloaded files.
  • P2P programs connected to a network can be used to spread malware, share private documents, or use the file server to both store and forward malware.
  • Many of the files in P2P networks are copyrighted and legal action could result.
  • Pedophiles can use P2P communities to distribute child porn materials or attempt to make contact with children.
  • This article from InfoWorld, Seattle Man Arrested For P To P ID Theft, illustrates perfectly the dangers of a poorly configured P2P program.
  • Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
  • When you use them, you are downloading software from an unknown source directly onto your computer bypassing your Firewall and Anti-Virus software. Many of these Downloads are being targeted to carry infections.
References for the risk of these programs are:

If you continue to use P2P programs, you will probably get infected again.

Please uninstall all P2P programs and post a new HijackThis log.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 02 September 2009 - 07:14 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.