Infected with "Trojan horse Vundo.JD"


  • This topic is locked
22 replies to this topic

#1 happygmc

  • Members
  • 14 posts

Posted 23 December 2009 - 02:44 AM

Greetings, and first, thank you for a great site and help. Around December 6th or 7th I was pushed a copy of Google Desktop from a site I was visiting and thought, well, why not, and installed Google Desktop (I have since uninstalled it). Since that time, people on my Yahoo contact list have been getting emails from me with blank subject lines and links to bogus sites. One sent the email back to me, and it tried to load a 123greetings.com card and asked to download a newer version of Flash, which I tried, and that hung my computer. These rogue emails were even going out with time stamps when I had the computer turned completely off. A few days later I would be idle on a web page (like my Yahoo mail account) when a new window would pop up with an advertisement, something like dgr???? I re-installed AVG, which found the "Trojan horse Vundo.JD" in c:\windows\system32\csrss.exe(704)mem_00200270000?? and c:\windows\system32\csrss.exe(704). I tried rebooting as AVG suggested and rescanning, and the virus was still there. I then tried, in this sequence, ccleaner -> avg -> Advanced SystemCare -> IObit Security 360 -> Malwarebytes Anti Malware -> Housecall; I tried McAfee striker; and, from the BleepingComputer.com topic How to Remove WinFixer/Virtumonde/MSevents/Trojan.vundo, in sequence, rkill -> malwarebytes -> avg, at which point the virus was gone, but Firefox and IE were all very slow and the pop-up ads continued. Upon reboot and running of AVG, the "Trojan horse Vundo.JD" reappears. I then tried VundoFix, which reported no viruses, and VirtumundoBegone in Safe Mode, which also reported no virus.

What this is doing is hijacking my computer and popping up new windows, it has taken my address book from my yahoo email and sent emails to everyone with no subject line and harmful links, even when my computer has been turned off. AVG finds it but apparently nothing else. The new window spam ads are popping up with increasing frequency and my yahoo email is inundated with spam advertisements. On reboot the virus resurfaces.



I just followed your "Preparation for Using HijackThis and Other Malware Removal Tools" with the following results:

DDS.txt:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 23:04:27.18 on Tue 12/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.302 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\e-Trends\etrnd.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\vVX6000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant =
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f0626a63-410b-45e2-99a1-3f2475b2d695} - Search Assistant
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [e-Trends Software Installation Helper] c:\program files\e-trends\ethelper.exe -brand=e-Trends
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [SGPUpdater] c:\program files\search guard plusu\sgpUpdaters.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://esi-intl.webex.com/client/T27L/event/ieatgpc.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: e-Trends - c:\program files\e-trends\etls.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ljyzb4ex.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2384137&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\ljyzb4ex.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\ljyzb4ex.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\e-trends\components\etxg.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\e-Trends
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-3 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-20 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-20 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-20 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-20 285392]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-12-20 312592]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
S2 gupdate1c9ee14adaeb690;Google Update Service (gupdate1c9ee14adaeb690);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-11-14 2077840]

=============== Created Last 30 ================

2009-12-23 06:30:50 0 d-----w- c:\windows\system32\NtmsData
2009-12-22 18:14:33 0 d-----w- c:\program files\Virus Suspects
2009-12-22 05:28:23 0 d-----w- C:\VundoFix Backups
2009-12-22 05:22:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 05:22:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 05:22:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-20 21:56:35 0 d--h--w- C:\$AVG
2009-12-20 21:56:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-20 21:56:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-20 21:56:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-20 21:55:55 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-20 21:55:51 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-12-20 21:55:20 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-20 21:19:41 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-12-20 20:06:32 0 d-----w- c:\program files\IObit
2009-12-20 20:06:32 0 d-----w- c:\docume~1\owner\applic~1\IObit
2009-12-20 19:58:46 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-12-20 19:58:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-20 19:54:22 0 d-----w- c:\program files\CCleaner
2009-12-17 01:02:33 0 d-----w- c:\program files\Microsoft Synchronization Services
2009-12-17 01:01:19 0 d-----w- c:\documents and settings\all users\Microsoft
2009-12-17 01:00:46 0 d-----w- c:\program files\Microsoft Analysis Services
2009-12-16 03:22:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2009-12-16 03:01:40 0 d-----w- C:\GameHouse Games
2009-12-16 03:00:51 0 d-----w- c:\program files\RealArcade
2009-12-12 01:58:05 77374 ----a-w- c:\windows\hpqins05.dat

==================== Find3M ====================

2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-26 11:32:10 1205080 ----a-w- c:\windows\system32\FM20.DLL
2009-09-26 11:32:08 31600 ----a-w- c:\windows\system32\FM20ENU.DLL
2009-07-28 02:18:43 77464 -c--a-w- c:\program files\OpenWorkbench_116_ReleaseNotes.pdf

============= FINISH: 23:07:18.13 ===============

Can you tell me how to remove this low level virus from the computer?

Thank you in advance for your help. :(

One correction: AVG is finding the virus at C:\windows\system32\csrss.exe (700) mem_002700000.

Please let me know how to proceed. Thank you. :(

===========
Merged posts. ~ OB

Edited by Orange Blossom, 19 August 2010 - 12:59 AM.


#2 Blind Faith

  • Malware Response Team
  • 4,101 posts

Posted 04 January 2010 - 01:00 PM

Hello and welcome to Bleeping Computer! :(

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
Can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 happygmc

  • Topic Starter

  • Members
  • 14 posts

Posted 04 January 2010 - 06:18 PM

Thank you. I am still having this problem, with the computer deteriorating. I have been modifying security settings in Windows to try and work around it, as this has almost made my computer completely unusable.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 15:08:39.13 on Mon 01/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.405 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\e-Trends\etrnd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\vVX6000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Bar =
uInternet Settings,ProxyServer = 172.17.1.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f0626a63-410b-45e2-99a1-3f2475b2d695} - Search Assistant
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [e-Trends Software Installation Helper] c:\program files\e-trends\ethelper.exe -brand=e-Trends
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [SGPUpdater] c:\program files\search guard plusu\sgpUpdaters.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://esi-intl.webex.com/client/T27L/event/ieatgpc.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: e-Trends - c:\program files\e-trends\etls.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ojkp2xf5.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\ojkp2xf5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\e-trends\components\etxg.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\e-Trends
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-3 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-20 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-20 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-20 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-20 285392]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-12-20 312592]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
S2 gupdate1c9ee14adaeb690;Google Update Service (gupdate1c9ee14adaeb690);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-11-14 2077840]

=============== Created Last 30 ================

2009-12-27 21:11:33 0 d--h--w- c:\windows\system32\GroupPolicy
2009-12-25 00:56:32 0 d-----w- C:\495d047615924e0ad2fc
2009-12-23 06:30:50 0 d-----w- c:\windows\system32\NtmsData
2009-12-22 18:14:33 0 d-----w- c:\program files\Virus Suspects
2009-12-22 05:28:23 0 d-----w- C:\VundoFix Backups
2009-12-22 05:22:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 05:22:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 05:22:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-20 21:56:35 0 d--h--w- C:\$AVG
2009-12-20 21:56:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-20 21:56:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-20 21:56:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-20 21:55:55 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-20 21:55:51 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-12-20 21:55:20 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-20 21:19:41 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-12-20 20:06:32 0 d-----w- c:\program files\IObit
2009-12-20 20:06:32 0 d-----w- c:\docume~1\owner\applic~1\IObit
2009-12-20 19:58:46 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-12-20 19:58:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-20 19:54:22 0 d-----w- c:\program files\CCleaner
2009-12-17 01:02:33 0 d-----w- c:\program files\Microsoft Synchronization Services
2009-12-17 01:01:19 0 d-----w- c:\documents and settings\all users\Microsoft
2009-12-17 01:00:46 0 d-----w- c:\program files\Microsoft Analysis Services
2009-12-16 03:22:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2009-12-16 03:01:40 0 d-----w- C:\GameHouse Games
2009-12-16 03:00:51 0 d-----w- c:\program files\RealArcade
2009-12-12 01:58:05 77374 ----a-w- c:\windows\hpqins05.dat

==================== Find3M ====================

2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-28 02:18:43 77464 -c--a-w- c:\program files\OpenWorkbench_116_ReleaseNotes.pdf

============= FINISH: 15:11:48.23 ===============

#4 happygmc


Posted 04 January 2010 - 06:18 PM

Thank you. I am still having this problem, with the computer deteriorating. I have been modifying security settings in Windows to try to work around it, as this has almost made my computer completely unusable.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 15:08:39.13 on Mon 01/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.405 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\e-Trends\etrnd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\vVX6000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Owner\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Bar =
uInternet Settings,ProxyServer = 172.17.1.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f0626a63-410b-45e2-99a1-3f2475b2d695} - Search Assistant
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [e-Trends Software Installation Helper] c:\program files\e-trends\ethelper.exe -brand=e-Trends
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
mRun: [SGPUpdater] c:\program files\search guard plusu\sgpUpdaters.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://esi-intl.webex.com/client/T27L/event/ieatgpc.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: e-Trends - c:\program files\e-trends\etls.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\ojkp2xf5.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\ojkp2xf5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\e-trends\components\etxg.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\e-Trends
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-3 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-20 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-20 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-20 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-20 285392]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-12-20 312592]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
S2 gupdate1c9ee14adaeb690;Google Update Service (gupdate1c9ee14adaeb690);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-11-14 2077840]

=============== Created Last 30 ================

2009-12-27 21:11:33 0 d--h--w- c:\windows\system32\GroupPolicy
2009-12-25 00:56:32 0 d-----w- C:\495d047615924e0ad2fc
2009-12-23 06:30:50 0 d-----w- c:\windows\system32\NtmsData
2009-12-22 18:14:33 0 d-----w- c:\program files\Virus Suspects
2009-12-22 05:28:23 0 d-----w- C:\VundoFix Backups
2009-12-22 05:22:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 05:22:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 05:22:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-20 21:56:35 0 d--h--w- C:\$AVG
2009-12-20 21:56:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-20 21:56:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-20 21:56:07 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-20 21:55:55 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-20 21:55:51 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-12-20 21:55:20 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-20 21:19:41 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2009-12-20 20:06:32 0 d-----w- c:\program files\IObit
2009-12-20 20:06:32 0 d-----w- c:\docume~1\owner\applic~1\IObit
2009-12-20 19:58:46 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-12-20 19:58:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-20 19:54:22 0 d-----w- c:\program files\CCleaner
2009-12-17 01:02:33 0 d-----w- c:\program files\Microsoft Synchronization Services
2009-12-17 01:01:19 0 d-----w- c:\documents and settings\all users\Microsoft
2009-12-17 01:00:46 0 d-----w- c:\program files\Microsoft Analysis Services
2009-12-16 03:22:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2009-12-16 03:01:40 0 d-----w- C:\GameHouse Games
2009-12-16 03:00:51 0 d-----w- c:\program files\RealArcade
2009-12-12 01:58:05 77374 ----a-w- c:\windows\hpqins05.dat

==================== Find3M ====================

2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-28 02:18:43 77464 -c--a-w- c:\program files\OpenWorkbench_116_ReleaseNotes.pdf

============= FINISH: 15:11:48.23 ===============




#5 myrti


Posted 05 January 2010 - 09:53 AM

Hello and welcome to BleepingComputer from me as well! :(

I will be helping you with your issue, please provide the following logs for further analysis:

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
As well as a log from Gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

I see that you have run Malwarebytes. Did it pick up any infections?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#6 happygmc


Posted 05 January 2010 - 11:58 AM

Hi Myrti,

Thank you for your help and I look forward to working with you. I have run the OTL with the attached results. I ran the GMER and was about to save the reports when the computer shut down with a Blue Screen "System Failure Error". I will re-run and save and send you those results in a few minutes.

Thanks - Happygmc




#7 myrti


Posted 05 January 2010 - 12:39 PM

Hi,

Please post the logs into your replies instead of attaching them. I will wait for the gmer log before giving further instructions. :(

regards myrti



#8 happygmc


Posted 05 January 2010 - 01:29 PM

Thanks Myrti,

Sorry about attaching, here are the logs:

OTL:
OTL logfile created on: 1/5/2010 7:17:39 AM - Run 2
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 440.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.43 Gb Free Space | 54.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-4912F2195
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/05 07:07:13 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/12/31 12:08:51 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/20 13:55:33 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/12/20 13:55:32 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/20 13:55:32 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/20 13:55:31 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/20 13:55:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/20 13:51:34 | 02,335,880 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/11/18 14:00:00 | 00,495,432 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/11/14 11:51:24 | 01,278,736 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/26 05:00:52 | 00,429,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009/09/26 05:00:52 | 00,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009/09/18 06:45:16 | 01,760,896 | ---- | M] (TMRG, Inc.) -- C:\Program Files\e-Trends\etrnd.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/17 14:24:10 | 00,713,744 | ---- | M] (Microsoft Corporation
) -- C:\WINDOWS\vVX6000.exe
PRC - [2009/03/17 14:24:06 | 00,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/08 14:50:04 | 00,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/16 19:11:26 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/16 19:11:26 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/10/16 18:23:30 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/04/14 04:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2008/01/30 03:52:22 | 00,106,496 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/09 04:44:20 | 06,922,240 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
PRC - [2007/02/20 17:18:32 | 00,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2006/04/01 06:32:08 | 00,319,488 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe


========== Modules (SafeList) ==========

MOD - [2010/01/05 07:07:13 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/11/14 11:51:20 | 00,237,840 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/20 13:55:25 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/26 04:28:22 | 04,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/26 03:31:58 | 00,149,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/09/09 20:46:52 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/06/15 15:54:41 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ee14adaeb690) Google Update Service (gupdate1c9ee14adaeb690)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/21 20:21:18 | 00,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/17 14:24:06 | 00,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/16 18:30:28 | 00,634,880 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2008/10/16 18:24:24 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/01/30 03:52:22 | 00,106,496 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/01/11 16:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/04/01 06:32:08 | 00,319,488 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/20 13:56:18 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/12/20 13:56:07 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/20 13:56:04 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/03 16:29:26 | 00,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/17 14:24:10 | 02,077,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2009/03/09 11:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/10/23 18:34:30 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2008/10/23 18:34:29 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2008/10/23 18:34:29 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2008/06/25 11:37:52 | 00,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2008/06/25 11:31:41 | 00,165,496 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2008/04/14 04:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/14 17:04:24 | 00,551,680 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2006/11/28 20:46:20 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/09/27 13:53:22 | 00,036,560 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/04/01 06:32:08 | 00,594,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2002/07/15 12:22:34 | 00,159,236 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2002/07/15 12:20:44 | 01,174,128 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/15 12:14:36 | 00,602,480 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2001/10/22 12:46:42 | 00,009,855 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/08/17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 10:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 04:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1106892850-2189113863-1378109196-1003\S-1-5-21-1106892850-2189113863-1378109196-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1106892850-2189113863-1378109196-1003\S-1-5-21-1106892850-2189113863-1378109196-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.17.1.1:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: {6E19037A-12E3-4295-8915-ED48BC341614}:1.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\e-Trends [2009/10/15 20:12:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/09 19:53:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/20 13:55:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/20 13:55:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/21 17:07:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/30 11:36:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/30 11:36:35 | 00,000,000 | ---D | M]

[2009/12/30 11:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/04 16:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojkp2xf5.default\extensions
[2010/01/04 16:41:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - Reg Error: Value error. File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1106892850-2189113863-1378109196-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1106892850-2189113863-1378109196-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [e-Trends Software Installation Helper] C:\Program Files\e-Trends\ethelper.exe (e-Trends)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1106892850-2189113863-1378109196-1003..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk = C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe (Linksys)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1106892850-2189113863-1378109196-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1106892850-2189113863-1378109196-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKU\S-1-5-21-1106892850-2189113863-1378109196-1003\..Trusted Domains: 12 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://esi-intl.webex.com/client/T27L/event/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\e-Trends: DllName - C:\Program Files\e-Trends\etls.dll - C:\Program Files\e-Trends\etls.dll (TMRG, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/22 21:21:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c380ac20-b98d-11dd-9ab7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c380ac20-b98d-11dd-9ab7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c380ac20-b98d-11dd-9ab7-806d6172696f}\Shell\AutoRun\command - "" = D:\sysprep.exe -- File not found
O33 - MountPoints2\{e44d3cf2-9f23-11de-995e-000874484b43}\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/05 07:07:13 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/04 22:50:56 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/12/30 11:36:06 | 08,086,544 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 3.5.6.exe
[2009/12/30 10:11:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2009/12/27 13:11:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/12/24 16:56:32 | 00,000,000 | ---D | C] -- C:\495d047615924e0ad2fc
[2009/12/22 23:10:09 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/12/22 22:30:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/12/22 22:11:12 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/12/22 22:08:34 | 00,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe
[2009/12/22 21:39:31 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\VundoFix.exe
[2009/12/22 10:14:33 | 00,000,000 | ---D | C] -- C:\Program Files\Virus Suspects
[2009/12/22 08:22:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\PC Problems
[2009/12/21 21:28:23 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/12/21 21:22:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/21 21:22:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/21 21:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/21 17:08:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/12/21 17:08:33 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/12/21 15:04:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/20 14:53:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Security Toolbar
[2009/12/20 13:56:35 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/12/20 13:56:18 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/20 13:56:18 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/20 13:56:07 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/20 13:56:04 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/20 13:55:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/12/20 13:55:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/12/20 13:55:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/20 13:53:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/20 13:53:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/12/20 13:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/20 13:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/20 13:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/20 12:06:32 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/12/20 12:06:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2009/12/20 11:58:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/12/20 11:58:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/20 11:54:22 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/17 10:38:53 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Owner\My Documents\My Stationery
[2009/12/16 17:02:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/12/16 17:01:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2009/12/16 17:00:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2009/12/15 19:22:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/12/15 19:01:40 | 00,000,000 | ---D | C] -- C:\GameHouse Games
[2009/12/15 19:00:51 | 00,000,000 | ---D | C] -- C:\Program Files\RealArcade
[2009/12/11 18:03:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2009/10/15 22:01:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/09/26 20:23:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/06/15 16:01:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/15 15:54:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/05 07:07:44 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\c37imncc.exe
[2010/01/05 07:07:13 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/01/05 06:30:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/05 06:29:42 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/05 06:29:41 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/01/05 06:29:34 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/05 06:29:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/05 06:12:05 | 05,242,880 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/01/05 06:12:05 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/01/05 06:07:56 | 02,827,090 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/05 05:28:05 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/05 05:13:16 | 47,436,706 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/05 05:12:48 | 00,132,702 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/04 19:24:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/04 14:56:19 | 00,524,288 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.pif
[2009/12/31 14:02:03 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\All Users\Glenda_Collins_Project Program Manager_2009- highlighted.doc
[2009/12/30 16:43:38 | 00,334,848 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Glenda_letter09[1].doc
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/30 11:36:39 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/30 11:36:06 | 08,086,544 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 3.5.6.exe
[2009/12/28 21:56:26 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/28 20:09:13 | 01,615,732 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ProcessExplorer.zip
[2009/12/25 12:26:04 | 00,010,900 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Jesus Daily - 12.24.09.docx
[2009/12/22 23:10:17 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/12/22 22:08:44 | 00,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Owner\Desktop\VirtumundoBeGone.exe
[2009/12/22 21:39:35 | 00,119,808 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\VundoFix.exe
[2009/12/22 18:58:06 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\All Users\References.doc
[2009/12/22 08:27:24 | 00,518,940 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\attachments_2009_12_22.zip
[2009/12/22 00:02:06 | 00,578,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/22 00:02:06 | 00,482,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/22 00:02:06 | 00,086,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/21 21:22:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/21 17:09:14 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/12/21 17:09:14 | 00,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/12/21 09:46:07 | 00,000,751 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to HousecallLauncher.lnk
[2009/12/21 09:19:33 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/12/21 09:05:32 | 00,026,132 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Broccoli Rabe and Salami Pasta.docx
[2009/12/20 17:13:44 | 00,012,138 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Green Tea Article on Depression.docx
[2009/12/20 17:10:07 | 00,104,821 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\12 Dry Skin Soothing Products.docx
[2009/12/20 13:56:19 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/12/20 13:56:18 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/12/20 13:56:18 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/12/20 13:56:07 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/12/20 13:56:04 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/12/20 13:56:03 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/20 13:55:55 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/20 13:55:55 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/20 13:19:44 | 00,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2009/12/20 12:21:02 | 00,006,656 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 12:06:39 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/12/20 11:54:23 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/12/19 21:24:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/19 10:20:52 | 00,012,852 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The story of the pencil.docx
[2009/12/18 19:35:44 | 00,134,656 | ---- | M] () -- C:\Documents and Settings\All Users\Exclusive Authorization - Collabera.doc
[2009/12/17 13:06:21 | 00,016,758 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Free Knitting Pattern - Ribbon Scarf.docx
[2009/12/17 08:29:05 | 00,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/16 17:11:19 | 00,069,976 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/16 17:05:16 | 00,000,915 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
[2009/12/15 17:11:05 | 00,010,595 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\St. Therese Lisieux.docx
[2009/12/13 15:22:41 | 00,216,411 | ---- | M] () -- C:\Documents and Settings\All Users\holiday-recipes-cookbook-091608 a.pdf
[2009/12/11 22:14:45 | 00,015,509 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\On this day of your life.docx
[2009/12/11 18:16:59 | 00,077,374 | ---- | M] () -- C:\WINDOWS\hpqins05.dat
[2009/12/11 18:00:27 | 00,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/12/11 00:06:04 | 00,028,604 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Install OBIEE BI Apps on Linux and Windows.docx
[2009/12/10 23:31:21 | 00,026,010 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ETL Informatica Tutorial.docx
[2009/12/10 11:05:22 | 00,011,447 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Prayer for Anxious People.docx
[2009/12/08 16:16:21 | 00,098,816 | ---- | M] () -- C:\Documents and Settings\All Users\Glenda_Collins_Project Program Manager_2009_Word 2003_2007.doc
[2009/12/08 09:06:27 | 00,736,773 | ---- | M] () -- C:\Documents and Settings\All Users\General_Ebook_QualityHealth_LowCalSlimDown_Ebook.pdf
[2009/12/07 16:33:55 | 00,015,471 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Citrix Questionnaire - Glenda M Collins.docx
[2009/12/07 15:37:14 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cisco Questionnaire - Glenda M. Collins.doc
[2009/12/07 11:42:51 | 00,014,282 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cisco Questionnaire.docx
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/05 07:07:41 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\c37imncc.exe
[2010/01/04 14:56:05 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.pif
[2009/12/31 14:02:02 | 00,104,448 | ---- | C] () -- C:\Documents and Settings\All Users\Glenda_Collins_Project Program Manager_2009- highlighted.doc
[2009/12/30 16:43:37 | 00,334,848 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Glenda_letter09[1].doc
[2009/12/30 11:36:39 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/28 20:09:13 | 01,615,732 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ProcessExplorer.zip
[2009/12/25 12:26:03 | 00,010,900 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Jesus Daily - 12.24.09.docx
[2009/12/22 18:58:05 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\All Users\References.doc
[2009/12/22 08:27:19 | 00,518,940 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\attachments_2009_12_22.zip
[2009/12/21 21:22:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/21 17:09:14 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/12/21 17:09:14 | 00,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/12/21 09:46:07 | 00,000,751 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to HousecallLauncher.lnk
[2009/12/21 09:19:33 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/12/21 09:05:31 | 00,026,132 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Broccoli Rabe and Salami Pasta.docx
[2009/12/20 17:13:44 | 00,012,138 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Green Tea Article on Depression.docx
[2009/12/20 17:10:06 | 00,104,821 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\12 Dry Skin Soothing Products.docx
[2009/12/20 13:56:19 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/12/20 13:56:03 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/12/20 13:55:55 | 47,436,706 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/20 13:55:55 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/12/20 13:55:55 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/12/20 13:55:55 | 00,132,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/12/20 13:19:44 | 00,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2009/12/20 12:06:39 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/12/20 11:54:23 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2009/12/19 10:20:51 | 00,012,852 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The story of the pencil.docx
[2009/12/18 19:35:43 | 00,134,656 | ---- | C] () -- C:\Documents and Settings\All Users\Exclusive Authorization - Collabera.doc
[2009/12/17 13:06:20 | 00,016,758 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Free Knitting Pattern - Ribbon Scarf.docx
[2009/12/16 17:05:15 | 00,000,915 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
[2009/12/15 17:11:05 | 00,010,595 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\St. Therese Lisieux.docx
[2009/12/13 15:22:41 | 00,216,411 | ---- | C] () -- C:\Documents and Settings\All Users\holiday-recipes-cookbook-091608 a.pdf
[2009/12/11 22:14:45 | 00,015,509 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\On this day of your life.docx
[2009/12/11 18:00:27 | 00,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/12/11 17:58:05 | 00,077,374 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/12/11 00:06:04 | 00,028,604 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Install OBIEE BI Apps on Linux and Windows.docx
[2009/12/10 23:31:21 | 00,026,010 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ETL Informatica Tutorial.docx
[2009/12/10 11:05:22 | 00,011,447 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Prayer for Anxious People.docx
[2009/12/08 16:16:20 | 00,098,816 | ---- | C] () -- C:\Documents and Settings\All Users\Glenda_Collins_Project Program Manager_2009_Word 2003_2007.doc
[2009/12/08 09:06:27 | 00,736,773 | ---- | C] () -- C:\Documents and Settings\All Users\General_Ebook_QualityHealth_LowCalSlimDown_Ebook.pdf
[2009/12/07 16:25:35 | 00,015,471 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Citrix Questionnaire - Glenda M Collins.docx
[2009/12/07 15:37:13 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cisco Questionnaire - Glenda M. Collins.doc
[2009/12/07 11:42:51 | 00,014,282 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cisco Questionnaire.docx
[2009/11/16 23:22:25 | 00,159,112 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/14 14:09:25 | 00,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2009/09/09 19:41:04 | 00,002,416 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/09/03 16:24:23 | 00,006,656 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/27 18:18:43 | 00,077,464 | ---- | C] () -- C:\Program Files\OpenWorkbench_116_ReleaseNotes.pdf
[2008/12/13 13:21:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008/11/23 14:47:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


EXTRAS:
OTL Extras logfile created on: 1/5/2010 7:12:14 AM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 429.00 Mb Available Physical Memory | 42.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 20.43 Gb Free Space | 54.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-4912F2195
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1106892850-2189113863-1378109196-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"c:\program files\e-trends\etrnd.exe" = c:\program files\e-trends\etrnd.exe:*:Enabled:etrnd.exe -- (TMRG, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{1aebcc44-7a6c-43b9-ae5a-a6ee651d67ce}" = e-Trends
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_542114F1" = Actiontec MD56ORD V92 MDC Modem
"e-Trends Helper" = e-Trends Software Installation Helper
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Picasa2" = Picasa 2
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® Network Connections Drivers
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1106892850-2189113863-1378109196-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2010 10:09:55 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:09:56 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:09:56 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:09:56 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:13:30 AM | Computer Name = OWNER-4912F2195 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29565.
SQL Server Setup cannot upgrade the specified instance because the previous upgrade
did not complete. Start the Remote Registry service and go to Add/Remove Programs,
select the Change button for Microsoft SQL Server 2005, and then select SQL instance
MSSMLBIZ and complete the setup.

Error - 1/5/2010 10:13:31 AM | Computer Name = OWNER-4912F2195 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft SQL Server 2005 Express Edition - Update 'GDR 4053
for SQL Server Database Services 2005 ENU (KB970892)' could not be installed. Error
code 1603. Additional information is available in the log file C:\Program Files\Microsoft
SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9_Hotfix_KB970892_sqlrun_sql.msp.log.

Error - 1/5/2010 10:29:41 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:29:41 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:29:41 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:29:41 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ OSession Events ]
Error - 7/6/2009 8:57:55 PM | Computer Name = OWNER-4912F2195 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1213
seconds with 360 seconds of active time. This session ended with a crash.

Error - 12/9/2009 12:11:43 AM | Computer Name = OWNER-4912F2195 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26319
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/2/2010 4:35:15 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/3/2010 12:01:36 AM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/3/2010 1:00:28 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/3/2010 4:23:25 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/3/2010 10:31:20 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/4/2010 3:16:59 AM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/4/2010 1:03:37 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/4/2010 1:23:00 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/5/2010 7:02:09 AM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/5/2010 10:13:39 AM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1106892850-2189113863-1378109196-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe -- (Hewlett-Packard)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"c:\program files\e-trends\etrnd.exe" = c:\program files\e-trends\etrnd.exe:*:Enabled:etrnd.exe -- (TMRG, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{1aebcc44-7a6c-43b9-ae5a-a6ee651d67ce}" = e-Trends
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51B833D8-66B0-4E72-92B9-4E4977EF37F2}" = WD Drive Manager (x86)
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_2486&SUBSYS_542114F1" = Actiontec MD56ORD V92 MDC Modem
"e-Trends Helper" = e-Trends Software Installation Helper
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Picasa2" = Picasa 2
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® Network Connections Drivers
"Search Guard Plus Updater" = Search Guard Plus Updater (My Web Tattoo)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1106892850-2189113863-1378109196-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/5/2010 10:09:55 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:09:56 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:09:56 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:09:56 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:13:30 AM | Computer Name = OWNER-4912F2195 | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29565.
SQL Server Setup cannot upgrade the specified instance because the previous upgrade
did not complete. Start the Remote Registry service and go to Add/Remove Programs,
select the Change button for Microsoft SQL Server 2005, and then select SQL instance
MSSMLBIZ and complete the setup.

Error - 1/5/2010 10:13:31 AM | Computer Name = OWNER-4912F2195 | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft SQL Server 2005 Express Edition - Update 'GDR 4053
for SQL Server Database Services 2005 ENU (KB970892)' could not be installed. Error
code 1603. Additional information is available in the log file C:\Program Files\Microsoft
SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9_Hotfix_KB970892_sqlrun_sql.msp.log.

Error - 1/5/2010 10:29:41 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:29:41 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:29:41 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 1/5/2010 10:29:41 AM | Computer Name = OWNER-4912F2195 | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ OSession Events ]
Error - 7/6/2009 8:57:55 PM | Computer Name = OWNER-4912F2195 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1213
seconds with 360 seconds of active time. This session ended with a crash.

Error - 12/9/2009 12:11:43 AM | Computer Name = OWNER-4912F2195 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26319
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/2/2010 4:35:15 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/3/2010 12:01:36 AM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/3/2010 1:00:28 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/3/2010 4:23:25 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/3/2010 10:31:20 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/4/2010 3:16:59 AM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/4/2010 1:03:37 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/4/2010 1:23:00 PM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/5/2010 7:02:09 AM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).

Error - 1/5/2010 10:13:39 AM | Computer Name = OWNER-4912F2195 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2005 Service Pack 3 (KB970892).


< End of report >


GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-05 10:15:50
Windows 5.1.2600 Service Pack 3
Running: c37imncc.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwadraow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76BF87E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF76BFC10]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF75AA7A4]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\e-Trends\etrnd.exe[424] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01CB0001
.text C:\WINDOWS\Explorer.EXE[664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A90001
.text C:\WINDOWS\Explorer.EXE[664] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\Explorer.EXE[664] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00A0000A
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BD0001
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe[2632] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Picasa2\PicasaMediaDetector.exe[2664] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2672] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D00001
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Search Guard PlusU\sgpUpdaters.exe[2696] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2728] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[2784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
.text C:\WINDOWS\vVX6000.exe[2820] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D00001
.text C:\WINDOWS\vVX6000.exe[2820] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\vVX6000.exe[2820] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wscntfy.exe[2856] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2868] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 048E8950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 048E5760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 048E77F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 048E9840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 048E8E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 048E8B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 048E7400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 048E6F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!send 71AB4C27 5 Bytes JMP 048E7AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 048E9AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!recv 71AB676F 5 Bytes JMP 048E84D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 048E8070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 048E9E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 048E93D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 048E7290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[2888] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 048E87F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wuauclt.exe[2896] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[2960] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2984] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 01F88950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 01F85760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 01F877F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 01F89840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 01F88E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 01F88B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01F87400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 01F86F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!send 71AB4C27 5 Bytes JMP 01F87AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01F89AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01F884D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01F88070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 01F89E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 01F893D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 01F87290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3052] ws2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 01F887F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CD0001
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe[3064] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\WinZip\WZQKPICK.EXE[3080] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 011A0001
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 04DA8950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 04DA5760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 04DA77F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 04DA8E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 04DA8B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 04DA7400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 04DA6F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!send 71AB4C27 5 Bytes JMP 04DA7AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 04DA9AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!recv 71AB676F 5 Bytes JMP 04DA84D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 04DA8070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 04DA9E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 04DA93D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 04DA7290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 04DA87F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Linksys\WUSB600N\WUSB600N.exe[3108] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 04DA9840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3268] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AA0001
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe[3284] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3880] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 10038950 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 10035760 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100377F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WININET.dll!UnlockUrlCacheEntryFile 3D94F8C6 5 Bytes JMP 10039840 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 10038E10 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!recvfrom 71AB2FF7 5 Bytes JMP 10038B40 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10037400 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10036F20 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10037AB0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10039AF0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100384D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10038070 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 10039E80 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100393D0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10037290 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)
.text C:\Documents and Settings\Owner\Desktop\c37imncc.exe[5676] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100387F0 C:\Program Files\e-Trends\etls.dll (e-Trends/TMRG, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86F02618

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


Just as an FYI, upon re-establishing the firewall, the computer had another fatal system error, something about "Failing at attempt to Login.....". Sorry, but the machine rebooted too quickly for me to get the entire message.

Thank you for your help.

Happygmc

#9 myrti

  • Malware Study Hall Admin

Posted 05 January 2010 - 04:21 PM

Hi,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue the cleaning please run ComboFix:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#10 happygmc


Posted 05 January 2010 - 05:04 PM

Hi Myrti,

Well this puts me in a horrible pickle. I lost my job over 15 months ago and have not worked, I had an HP computer that the hard drive failed under warranty and which HP did not honor and did not replace. This is a replacement computer, my friend lent me and it was refurbished. I don't want to inundate you, but want you to know, I'm going to try all the steps you identify above -- unfortunately I do not own a copy of the OS and am not sure on how to go about re-installing on this computer. As money is tight, I'm just really trying to fix this machine as I rely on it in speaking with recruiters, job potentials, etc. Luckily, I do not buy or do any personal banking or financial transactions online -- I really appreciate your direction on these topics! :-)

I'll keep you posted on how the steps you detail above work and am very grateful for your help.

Thanks,
Happygmc

Edited by happygmc, 05 January 2010 - 05:07 PM.


#11 happygmc


Posted 05 January 2010 - 05:58 PM

Hi Myrti,

Thank you for your help, please find the log from comboFix:

ComboFix 10-01-04.01 - Owner 01/05/2010 14:24:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.600 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\OfficeSAS.lnk
c:\program files\Search Guard PlusU
c:\program files\Search Guard PlusU\SGPU.ico
c:\program files\Search Guard PlusU\sgpUpdater.exe
c:\program files\Search Guard PlusU\sgpUpdater.xml
c:\program files\Search Guard PlusU\sgpUpdaters.exe
c:\program files\Search Guard PlusU\uninstalSGPU.exe
c:\program files\SGPSA
c:\recycler\S-1-5-21-1078081533-1677128483-1644491937-1003
c:\recycler\S-1-5-21-1078081533-1677128483-1644491937-500

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2009-12-31 01:51 . 2009-12-31 01:51 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 19:40 . 2009-12-16 22:42 43008 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojkp2xf5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-30 19:40 . 2009-12-16 22:42 340480 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojkp2xf5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-30 19:40 . 2009-12-16 22:41 346624 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojkp2xf5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-30 19:40 . 2009-12-16 22:42 872960 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojkp2xf5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-27 21:11 . 2009-12-27 21:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-12-25 00:56 . 2009-12-27 21:10 -------- d-----w- C:\495d047615924e0ad2fc
2009-12-23 06:30 . 2009-12-27 21:11 -------- d-----w- c:\windows\system32\NtmsData
2009-12-22 18:14 . 2009-12-22 18:14 -------- d-----w- c:\program files\Virus Suspects
2009-12-22 05:28 . 2009-12-22 05:28 -------- d-----w- C:\VundoFix Backups
2009-12-22 05:22 . 2009-12-30 22:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 05:22 . 2009-12-31 01:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-22 05:22 . 2009-12-30 22:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 04:05 . 2009-11-25 21:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-12-22 01:08 . 2009-12-22 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-21 23:04 . 2009-12-22 03:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-20 22:53 . 2009-12-20 22:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Security Toolbar
2009-12-20 21:56 . 2009-12-20 22:52 -------- d-----w- C:\$AVG
2009-12-20 21:56 . 2009-12-20 21:56 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-20 21:56 . 2009-12-20 21:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-20 21:56 . 2009-12-20 21:56 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-20 21:56 . 2009-12-20 21:56 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-20 21:55 . 2010-01-05 13:13 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-20 21:55 . 2009-12-22 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-20 21:55 . 2010-01-05 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-20 21:19 . 2009-12-20 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-20 20:06 . 2009-12-20 21:19 -------- d-----w- c:\program files\IObit
2009-12-20 20:06 . 2009-12-20 20:06 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-12-20 20:06 . 2009-11-05 00:49 635664 ------w- c:\documents and settings\Owner\Application Data\IObit\Common\TB_Helper.exe
2009-12-20 19:58 . 2009-12-20 19:58 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-12-20 19:58 . 2009-12-20 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-20 19:54 . 2009-12-20 19:54 -------- d-----w- c:\program files\CCleaner
2009-12-17 01:02 . 2009-12-17 01:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-12-17 01:01 . 2009-12-17 01:01 -------- d-----w- c:\documents and settings\All Users\Microsoft
2009-12-17 01:00 . 2009-12-17 01:00 -------- d-----w- c:\program files\Microsoft Analysis Services
2009-12-16 03:22 . 2009-12-16 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-12-16 03:01 . 2009-12-22 07:07 -------- d-----w- C:\GameHouse Games
2009-12-16 03:00 . 2009-12-22 07:07 -------- d-----w- c:\program files\RealArcade
2009-12-12 02:03 . 2009-12-12 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-12 01:58 . 2009-12-12 02:16 77374 ----a-w- c:\windows\hpqins05.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 22:31 . 2009-11-17 17:50 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-31 01:51 . 2009-06-15 23:56 -------- d-----w- c:\program files\Common Files\Real
2009-12-30 19:28 . 2009-09-10 04:00 -------- d-----w- c:\documents and settings\Owner\Application Data\HPAppData
2009-12-22 20:38 . 2009-09-10 04:14 -------- d-----w- c:\program files\Google
2009-12-22 07:11 . 2008-11-23 18:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 07:10 . 2009-09-10 03:42 -------- d-----w- c:\program files\HP
2009-12-22 07:07 . 2009-07-10 00:54 -------- d-----w- c:\program files\Coupons
2009-12-20 18:40 . 2009-09-04 02:23 -------- d-----w- c:\program files\Lavasoft
2009-12-19 01:22 . 2009-09-18 18:07 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
2009-12-17 01:15 . 2009-09-09 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-17 01:11 . 2009-09-03 23:57 69976 -c----w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-17 01:01 . 2009-11-12 17:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-12 02:17 . 2009-09-10 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-11-22 06:57 . 2009-09-14 02:00 -------- d-----w- c:\program files\Safari
2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 23:50 . 2009-09-27 06:31 -------- d-----w- c:\program files\iTunes
2009-11-20 23:49 . 2009-11-20 23:49 -------- d-----w- c:\program files\iPod
2009-11-20 23:49 . 2009-09-14 01:50 -------- d-----w- c:\program files\Common Files\Apple
2009-11-20 23:41 . 2009-09-20 06:52 -------- d-----w- c:\program files\QuickTime
2009-11-19 04:46 . 2009-09-10 03:54 -------- d-----w- c:\program files\Yahoo!
2009-11-17 17:45 . 2009-09-04 02:21 -------- d-----w- c:\program files\AVG
2009-11-17 07:22 . 2009-11-17 07:22 159112 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-14 22:09 . 2009-11-14 22:09 -------- d-----w- c:\program files\Microsoft LifeCam
2009-11-13 17:05 . 2009-11-12 17:27 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-13 16:58 . 2009-09-09 23:35 -------- d-----w- c:\program files\Microsoft Works
2009-11-13 01:07 . 2009-11-13 01:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-12 17:27 . 2009-09-10 01:24 -------- d-----w- c:\program files\Microsoft
2009-11-12 17:27 . 2009-11-12 17:27 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-12 17:26 . 2009-09-10 01:23 -------- d-----w- c:\program files\Windows Live
2009-11-12 17:25 . 2009-11-12 17:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-04 01:58 . 2009-11-04 01:58 152576 ------w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:46 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2009-06-17 17:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2008-04-14 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-11 12:17 . 2009-09-17 18:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-28 02:18 . 2009-07-28 02:18 77464 -c--a-w- c:\program files\OpenWorkbench_116_ReleaseNotes.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 05:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 2335880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 126976]
"ATIModeChange"="Ati2mdxx.exe" [2006-04-01 28672]
"e-Trends Software Installation Helper"="c:\program files\e-Trends\ethelper.exe" [2009-09-09 94230]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
"VX6000"="c:\windows\vVX6000.exe" [2009-03-17 713744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2009-09-26 518040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-11-18 495432]
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-20 21:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\e-Trends]
2009-09-18 14:45 389760 ----a-w- c:\program files\e-Trends\etls.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\program files\\e-trends\\etrnd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/3/2009 6:24 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/20/2009 1:56 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/20/2009 1:56 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/20/2009 1:55 PM 285392]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [12/20/2009 1:19 PM 312592]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 3:52 AM 106496]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [12/14/2007 5:04 PM 551680]
S2 gupdate1c9ee14adaeb690;Google Update Service (gupdate1c9ee14adaeb690);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 3:54 PM 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [11/14/2009 2:09 PM 2077840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-15 23:54]

2010-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-15 23:54]

2010-01-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 172.17.1.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojkp2xf5.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ojkp2xf5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\e-Trends\components\etxg.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: *xg.dll: {6E19037A-12E3-4295-8915-ED48BC341614} - c:\program files\e-Trends
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-SGPUpdater - c:\program files\Search Guard PlusU\sgpUpdaters.exe
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 14:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SGPUpdater = c:\program files\Search Guard PlusU\sgpUpdaters.exe??o?????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\e-Trends\etls.dll

- - - - - - - > 'explorer.exe'(3504)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\e-Trends\etrnd.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-01-05 14:39:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 22:39

Pre-Run: 21,764,538,368 bytes free
Post-Run: 21,863,444,480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F44889B48F27E2F018120474C7B33A86

Thank you for your help, please let me know how to proceed next.

Happygmc

PS. Ran the computer through a few paces on websites, installed Microsoft Essentials - ran and then ran AVG, so far looking good - Trojan horse Vundo.JD does not register, nor are there websites popping up, although there are yieldmanager and adtmt cookies that try to add...will monitor and talk to you tomorrow. Have a nice night and thank you greatly for your wonderful help! YOU ROCK!

Edited by happygmc, 06 January 2010 - 03:18 AM.


#12 happygmc


Posted 06 January 2010 - 04:02 PM

:( :( :) Hi Myrti -- you and Bleeping Computer ARE THE BEST!!! The virus appears to be gone! THANK YOU THANK YOU THANK YOU!!!! Remarkable how all you geniuses are helping us -- I wish more and more and more and more and continued success in all you do! YOU ARE TRULY THE BEST AND GREATEST EVER!!! YOU ARE SUPERSTARS!!!! THANK YOU THANK YOU!!!

Happygmc -- truly happy now!!!

#13 myrti

  • Malware Study Hall Admin

Posted 08 January 2010 - 06:06 PM

Hi,

Happy to hear that everything seems to be working better! :(

Please do not leave just yet, as we have a couple more steps left to do!

First of all I would like you to scan with Eset to see if anything was missed:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#14 happygmc


Posted 08 January 2010 - 10:14 PM

Hi Myrti,

Thank you for your help. Yes, there are a few problems still occurring. Internet Explorer is working but does not let me get to my Yahoo account, which just flashes and does not let me in. If I download Mozilla Firefox I can get my Yahoo account and the computer appears to work okay for a while, then stops and bad cookies show up; then I have to remove Firefox, as it will stop working, not be running, and no longer launch as it thinks it's running.

I found zedo and overture cookies which I have since deleted. There is a persistent owner@atdmt[2] cookie that keeps popping up. Also Malwarebytes found a threat which it then deleted -- I posted the Malwarebytes report below the results of ESET.

ESET Report:

C:\Program Files\e-Trends\etrnd.exe a variant of Win32/Adware.RK.AA application cleaned by deleting - quarantined


Malwarebytes Report:

Malwarebytes' Anti-Malware 1.43
Database version: 3497
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/8/2010 4:03:23 PM
mbam-log-2010-01-08 (16-03-23).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 167143
Time elapsed: 1 hour(s), 16 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{1C36E33C-0D2A-455D-B0CC-9BBF5DD2E330}\RP343\A0071379.sys (Malware.Trace) -> Quarantined and deleted successfully.

#15 myrti


Posted 09 January 2010 - 07:25 AM

Hi,

Cookies are not really dangerous. If you do not wish to get any cookies, you can set your browser up to not accept cookies at all.

Instructions for Firefox: http://www.bleepingcomputer.com/forums/t/65268/how-to-allowallow-for-sessionblock-cookies-in-firefox/
Instructions for Internet Explorer: http://support.microsoft.com/?scid=kb%3Ben...p;x=22&y=15
You need to be aware, however, that blocking cookies may reduce the functionality of your browser. For example, you will no longer be able to stay logged in here at BleepingComputer.

In regards to your Yahoo browser, please try to empty your cache and temporary files:

Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Please try to access Yahoo once more and let me know if that fixes it.

regards myrti





