
Desktop infected by Trojan.Vundo


  • This topic is locked
16 replies to this topic

#1 satya72

satya72

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:13 AM

Posted 28 February 2010 - 02:37 PM

For the last 2 days my desktop (XP Media Center SP3) has been plagued by Trojan.Vundo.

Initially it had disabled my copy of Malwarebytes' Anti-Malware program. I am able to run it only after I renamed the "mbam.exe" file to "mbam.bat". After every scan MBAM keeps finding at least 5 files infected by Trojan.Vundo.

Based on your guidelines, I went through these steps for preparation:
- ran the DeFogger, which did not find any issues
- ran the DDS Tool
- I was not able to run the GMER tool. About halfway through, my desktop either hangs up or reboots. If there is anything that I can do to get it to run, please let me know

Any help would be greatly appreciated.

Here are the contents of the DDS.txt log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Administrator at 12:03:35.89 on Sun 02/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2868 [GMT -6:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\temp\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [mlifcydrv] rundll32.exe "qomnnm.dll",s
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [ljiggfsys] rundll32.exe "xxvtrr.dll",DllRegisterServer
mRun: [ddayyxdrv] rundll32.exe "qomnnm.dll",s
dRun: [hgfedcsys] rundll32.exe "xxvtrr.dll",DllRegisterServer
dRun: [pmkhihdrv] rundll32.exe "qomnnm.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: trymedia.com
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.bridgelogix.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257654706281
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://boeing.webex.com/client/T26LBA/webex/ieatgpc.cab
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 xxvtrr.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-27 207280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 66632]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-7-2 82696]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-27 112592]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-2-3 427192]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-8-14 104456]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 12872]
S2 gupdate1ca61ad757d7c38;Google Update Service (gupdate1ca61ad757d7c38);c:\program files\google\update\GoogleUpdate.exe [2009-11-9 133104]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-27 365280]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-27 1141712]

=============== Created Last 30 ================

2010-02-28 17:38:09 0 d-----w- c:\temp\gmer
2010-02-28 17:37:28 284915 ----a-w- c:\temp\gmer.zip
2010-02-28 17:14:04 524288 ----a-w- c:\temp\dds.scr
2010-02-28 17:12:29 0 ----a-w- c:\documents and settings\hp_administrator.shobhaswarooppc\defogger_reenable
2010-02-28 17:11:55 50477 ----a-w- c:\temp\Defogger.exe
2010-02-28 17:00:37 0 d-----w- c:\windows\system32\NtmsData
2010-02-28 08:00:58 0 d-----w- C:\ComboFix
2010-02-28 06:12:32 98816 ----a-w- c:\windows\sed.exe
2010-02-28 06:12:32 77312 ----a-w- c:\windows\MBR.exe
2010-02-28 06:12:32 261632 ----a-w- c:\windows\PEV.exe
2010-02-28 06:12:32 161792 ----a-w- c:\windows\SWREG.exe
2010-02-28 06:09:57 401720 ----a-w- c:\temp\HijackThis.exe
2010-02-28 06:09:57 3874477 ----a-r- c:\temp\ComboFix.exe
2010-02-28 05:25:03 882 ----a-w- c:\windows\RegSDImport.xml
2010-02-28 05:25:03 879 ----a-w- c:\windows\RegISSImport.xml
2010-02-28 05:25:03 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-02-28 05:25:03 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-28 05:25:03 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-28 05:25:03 131 ----a-w- c:\windows\IDB.zip
2010-02-28 05:25:02 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-28 05:25:02 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-28 05:25:02 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-02-28 05:25:02 1152444 ----a-w- c:\windows\UDB.zip
2010-02-28 05:17:55 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-28 05:17:55 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-28 05:17:44 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-28 05:17:44 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-28 05:17:44 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-28 05:17:44 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-28 05:17:34 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-28 05:17:34 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-28 05:17:13 0 d-----w- c:\program files\Spyware Doctor
2010-02-28 05:17:13 0 d-----w- c:\program files\common files\PC Tools
2010-02-28 05:17:13 0 d-----w- c:\docume~1\hp_adm~2.sho\applic~1\PC Tools
2010-02-28 05:17:13 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-02-28 05:11:00 100352 ---ha-w- c:\windows\system32\qopolj.dll
2010-02-28 05:02:29 96978 ----a-w- c:\temp\VirtumundoBeGone.exe
2010-02-27 23:09:02 363008 ----a-w- c:\temp\rkill.com
2010-02-27 22:40:44 0 d-----w- C:\VundoFix Backups
2010-02-27 22:40:29 137728 ----a-w- c:\temp\VundoFix.exe
2010-02-27 22:12:24 100352 ---ha-w- c:\windows\system32\qomnnm.dll
2010-02-27 21:44:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 21:44:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 21:44:24 0 d-----w- C:\MAnMlwr
2010-02-27 21:15:32 100352 ---ha-w- c:\windows\system32\geeccy.dll.vir
2010-02-27 19:40:44 0 d-----w- c:\program files\Trojan Remover
2010-02-27 19:39:54 9228416 ----a-w- c:\temp\trjsetup681.exe
2010-02-27 19:37:26 8877640 ----a-w- c:\temp\i2_trj681.exe
2010-02-27 19:36:41 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-27 19:36:40 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-27 19:36:40 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-27 19:36:40 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-27 19:36:40 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-02-27 19:36:35 0 d-----w- c:\docume~1\hp_adm~2.sho\applic~1\Simply Super Software
2010-02-27 19:36:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-02-27 19:19:42 100352 ---ha-w- c:\windows\system32\vtuvvu.dll.vir
2010-02-27 16:11:32 100352 ----a-w- c:\windows\system32\cbxuut.dll.vir
2010-02-27 07:55:09 100864 ----a-w- c:\windows\system32\mlkkli.dll.vir
2010-02-27 07:50:07 89088 ---ha-w- c:\windows\system32\xxvtrr.dll
2010-02-25 02:24:18 0 d-----w- c:\program files\CDisplay
2010-02-21 07:31:52 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-10 02:40:18 0 d-----w- c:\windows\system32\appmgmt

==================== Find3M ====================

2010-02-28 09:03:11 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-28 04:31:18 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-21 09:51:06 132 ----a-w- C:\httpdwl.dat
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-09 05:53:44 726528 ------w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-09-22 03:55:42 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 12:04:57.79 ===============
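As an added example (not part of this thread or of any tool named in it), a small Python triage pass over the DDS lines above. It flags Run values that hand rundll32.exe a DLL by bare name rather than a full path, non-default LSA authentication packages (which lsass.exe loads at boot), and hidden DLLs created in the last 30 days that a persistence entry references. The sample lines are copied from the DDS log in this post; the rule names and the Finding type are my own.

```python
import re
from dataclasses import dataclass

# Lines copied from the DDS log posted above (two benign entries included for contrast).
SAMPLE_LOG = r"""
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [mlifcydrv] rundll32.exe "qomnnm.dll",s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ljiggfsys] rundll32.exe "xxvtrr.dll",DllRegisterServer
dRun: [pmkhihdrv] rundll32.exe "qomnnm.dll",s
LSA: Authentication Packages = msv1_0 xxvtrr.dll
2010-02-28 05:11:00 100352 ---ha-w- c:\windows\system32\qopolj.dll
2010-02-27 22:12:24 100352 ---ha-w- c:\windows\system32\qomnnm.dll
2010-02-27 07:50:07 89088 ---ha-w- c:\windows\system32\xxvtrr.dll
2010-02-28 05:17:44 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
"""


@dataclass
class Finding:
    rule: str     # hypothetical rule name, chosen for this example
    detail: str   # human-readable explanation
    line: str     # the log line(s) that triggered it


# DDS "Pseudo HJT" conventions: uRun = HKCU, mRun = HKLM, dRun = HKU\.DEFAULT
RUN_RE = re.compile(r'^([umd])Run: \[([^\]]+)\] (.*)$')
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?([^",]+?)"?\s*,', re.IGNORECASE)
LSA_RE = re.compile(r'^LSA: Authentication Packages = (.*)$')
# "Created Last 30" rows: date time size attributes path (attributes are 8 chars, 'h' = hidden)
CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S{8})\s+(.*)$')
HIVES = {'u': 'HKCU', 'm': 'HKLM', 'd': 'HKU\\.DEFAULT'}


def basename(path):
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def analyze(text):
    findings = []
    run_dlls = {}      # lowercase DLL basename -> persistence lines that reference it
    hidden_dlls = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            r = RUNDLL_RE.match(cmd)
            if r:
                dll = r.group(1).strip()
                run_dlls.setdefault(basename(dll), []).append(line)
                if '\\' not in dll and '/' not in dll:
                    findings.append(Finding(
                        'rundll32-bare-dll',
                        f'{HIVES[hive]} Run value "{name}" loads {dll} by bare name '
                        f'(resolved through the DLL search path, not an explicit location)',
                        line))
            continue
        m = LSA_RE.match(line)
        if m:
            # msv1_0 is the stock package; anything else here runs inside lsass.exe
            for pkg in m.group(1).split():
                if pkg.lower() == 'msv1_0':
                    continue
                run_dlls.setdefault(basename(pkg), []).append(line)
                findings.append(Finding(
                    'lsa-auth-package',
                    f'non-default LSA authentication package {pkg}', line))
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m.groups()
            if 'h' in attrs and path.lower().endswith('.dll'):
                hidden_dlls.add(basename(path))
    # Correlate: a hidden, recently created DLL that a persistence entry points at
    for dll in sorted(hidden_dlls):
        if dll in run_dlls:
            findings.append(Finding(
                'hidden-dll-with-persistence',
                f'{dll} created hidden in the last 30 days and referenced by '
                f'{len(run_dlls[dll])} persistence entries',
                '; '.join(run_dlls[dll])))
    return findings


if __name__ == '__main__':
    for f in analyze(SAMPLE_LOG):
        print(f'[{f.rule}] {f.detail}\n    {f.line}')
```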


#2 satya72

satya72
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:13 AM

Posted 02 March 2010 - 09:01 PM

So that's it? No one can help me with this?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could have disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone who is not familiar with your issue to assist you and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Response Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not post multiple times here, as that only pushes you further down the queue and causes confusion for the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 05 March 2010 - 07:56 AM.


#3 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:07:13 PM

Posted 05 March 2010 - 02:25 PM

Hello, satya72.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:
  • Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
  • The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
  • Please do not install, update, or run any programs for the duration of the fix.
  • If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
  • Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
  • If you are running Vista, please run all the fixes as an administrator. This is done by right-clicking the program and clicking "Run as Administrator".

Please do the following so I can take a look at the current state of your system.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

NEXT:
We need to run a GMER scan
  1. Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  2. Close all other open programs as there is a slight chance your computer will crash.
  3. Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  4. You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  5. Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.
  6. When the scan is complete, click Save and save the log onto your desktop.

In your next reply, please include the following:
  • Log.txt
  • info.txt
  • gmer.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:07:13 PM

Posted 08 March 2010 - 12:31 AM

Hello satya72
Are you still with us?

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 satya72

satya72
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:13 AM

Posted 08 March 2010 - 11:12 AM

Hi aommaster,

Thanks for helping me. Sorry about the late response.

I uninstalled my current Internet Security (Bitdefender 2009) and installed a trial version of Kaspersky Internet Security (KIS) 2010.

KIS was able to identify the malware and took it out. Then I was able to install and run a Pro version of Malwarebytes' Anti-Malware (MBAM). Since then I haven't seen any recurrence of the issue.

But I will follow your suggestions and run RSIT and GMER this afternoon and send you the log files so that you can confirm if the problem was really resolved.

Thanks again

- satya72

#6 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:07:13 PM

Posted 08 March 2010 - 07:28 PM

Hi!

Glad to help. I'll wait for the logs.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#7 satya72

satya72
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:13 AM

Posted 09 March 2010 - 03:46 PM

Hi aommaster,

I was able to run the RSIT program. The log files "info.txt" and "log.txt" are attached.

I tried everything to run GMER to completion without hanging, but was unsuccessful. It failed even in safe mode. If there is anything else that I can do, please suggest it.

Thanks

- satya72

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2010-03-08 14:29:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 111 GB (80%) free of 138 GB
Total RAM: 3582 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:47 PM, on 3/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\temp\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.bridgelogix.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1257654706281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/T26LBA/webex/ieatgpc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Update Service (gupdate1ca61ad757d7c38) (gupdate1ca61ad757d7c38) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 11322 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for HP_Administrator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-09-07 1191424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2009-09-07 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-09-07 1191424]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-11-07 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-02-22 143360]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-02-14 7557120]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdMgr.exe [2006-03-16 61440]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-12-15 49152]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-07 180269]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-07 180269]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
xxvtrr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e089f862-0e8e-11df-b373-001731db77de}]
shell\AutoRun\command - L:\VUNDOFIX.EXE


======List of files/folders created in the last 1 months======

2010-03-08 14:29:34 ----D---- C:\Program Files\trend micro
2010-03-08 14:29:32 ----D---- C:\rsit
2010-03-06 09:57:21 ----HD---- C:\WINDOWS\PIF
2010-03-05 21:43:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-05 15:03:19 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-05 15:03:17 ----D---- C:\Program Files\Common Files\Java
2010-03-05 15:02:51 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-05 15:02:51 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-05 15:02:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-05 15:02:50 ----A---- C:\WINDOWS\system32\java.exe
2010-03-04 21:20:36 ----D---- C:\Program Files\Kaspersky Lab
2010-03-04 21:20:36 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-03-04 21:11:34 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-03-04 19:41:44 ----AH---- C:\WINDOWS\system32\gebxxw.dll
2010-03-02 22:40:55 ----AH---- C:\WINDOWS\system32\ursrqo.dll
2010-03-01 21:09:47 ----AH---- C:\WINDOWS\system32\pmnllk.dll
2010-03-01 21:04:36 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-28 11:00:37 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-28 02:26:14 ----A---- C:\ComboFix.txt
2010-02-28 00:11:48 ----D---- C:\WINDOWS\ERDNT
2010-02-27 23:25:03 ----A---- C:\WINDOWS\BDTSupport.dll.old
2010-02-27 23:25:02 ----A---- C:\WINDOWS\PCTBDCore.dll.old
2010-02-27 23:17:13 ----D---- C:\Program Files\Spyware Doctor
2010-02-27 16:40:44 ----A---- C:\VundoFix.txt
2010-02-27 13:42:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-27 13:36:41 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\unrar3.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\unacev2.dll
2010-02-27 13:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2010-02-24 20:24:18 ----D---- C:\Program Files\CDisplay
2010-02-23 23:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-09 20:53:41 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-09 20:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-09 20:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-09 20:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-09 20:49:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-09 20:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-09 20:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-09 20:49:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-09 20:48:59 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-09 20:40:18 ----D---- C:\WINDOWS\system32\appmgmt

======List of files/folders modified in the last 1 months======

2010-03-08 14:29:34 ----D---- C:\Program Files
2010-03-08 14:29:32 ----D---- C:\WINDOWS\Prefetch
2010-03-08 14:28:55 ----D---- C:\temp
2010-03-08 14:27:01 ----D---- C:\Program Files\Mozilla Firefox
2010-03-08 14:22:30 ----D---- C:\WINDOWS\Temp
2010-03-08 13:55:59 ----AD---- C:\WINDOWS
2010-03-08 13:55:56 ----D---- C:\WINDOWS\system32\Lang
2010-03-08 13:53:29 ----D---- C:\WINDOWS\Registration
2010-03-08 00:46:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-08 00:46:15 ----D---- C:\Documents and Settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\Free Download Manager
2010-03-08 00:45:40 ----D---- C:\Documents and Settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\vlc
2010-03-06 10:43:27 ----SHD---- C:\System Volume Information
2010-03-06 10:43:27 ----D---- C:\WINDOWS\system32\Restore
2010-03-06 09:36:52 ----SHD---- C:\WINDOWS\CSC
2010-03-05 21:46:07 ----SD---- C:\WINDOWS\Tasks
2010-03-05 21:44:00 ----D---- C:\WINDOWS\system32\drivers
2010-03-05 15:03:19 ----SHD---- C:\WINDOWS\Installer
2010-03-05 15:03:18 ----D---- C:\Config.Msi
2010-03-05 15:03:17 ----D---- C:\Program Files\Common Files
2010-03-05 15:02:51 ----D---- C:\WINDOWS\system32
2010-03-05 15:02:25 ----D---- C:\Program Files\Java
2010-03-04 21:21:23 ----HD---- C:\WINDOWS\inf
2010-03-04 21:20:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-04 21:13:16 ----D---- C:\Documents and Settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\SUPERAntiSpyware.com
2010-03-04 21:07:39 ----D---- C:\WINDOWS\WinSxS
2010-03-04 21:06:21 ----A---- C:\bdlog.txt
2010-03-04 21:06:19 ----A---- C:\WINDOWS\bdagent.INI
2010-03-01 20:09:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-01 20:00:53 ----D---- C:\Program Files\Quicken
2010-03-01 20:00:35 ----A---- C:\WINDOWS\QUICKEN.INI
2010-03-01 19:57:55 ----D---- C:\Program Files\HP Games
2010-03-01 19:57:14 ----D---- C:\Program Files\GemMaster
2010-02-28 11:06:27 ----D---- C:\WINDOWS\repair
2010-02-28 02:21:51 ----A---- C:\WINDOWS\system.ini
2010-02-28 02:06:29 ----D---- C:\WINDOWS\AppPatch
2010-02-28 00:18:35 ----D---- C:\WINDOWS\system32\config
2010-02-27 23:46:48 ----D---- C:\WINDOWS\system32\FxsTmp
2010-02-27 16:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-02-27 13:13:48 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-27 13:13:45 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-27 01:50:31 ----A---- C:\WINDOWS\ODBC.INI
2010-02-26 17:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-02-23 23:28:08 ----D---- C:\WINDOWS\ie8updates
2010-02-23 23:27:38 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-21 15:18:38 ----D---- C:\WINDOWS\Minidump
2010-02-21 15:18:38 ----D---- C:\WINDOWS\Debug
2010-02-21 15:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-02-21 01:31:52 ----D---- C:\WINDOWS\system32\wbem
2010-02-09 20:48:22 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-09 20:37:42 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-03-04 315408]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-02-14 3642784]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-13 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
S3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2009-11-07 111112]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-02-03 20152]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-02-22 81920]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-05 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-02-14 143426]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S2 gupdate1ca61ad757d7c38;Google Update Service (gupdate1ca61ad757d7c38); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-09 133104]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-23 413696]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2010-03-08 14:29:52

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AIM 7-->C:\Program Files\AIM\uninst.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Cheetah DVD Burner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
Cisco AnyConnect VPN Client-->MsiExec.exe /X{6005535D-8A83-4108-A757-E1AB9886AECA}
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DISCover-->"C:\Program Files\DISC\uninstall.exe"
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /remove
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console-->"C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Imaging Device Functions 6.1-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Movie DVD Maker 2.7.0610-->"C:\Program Files\Movie DVD Maker\unins000.exe"
Mozilla Firefox (3.5.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
Mystery Case Files-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Poker Superstars-->"C:\Program Files\HP Games\Poker Superstars\Uninstall.exe"
Polar Bowler-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Ricochet Lost Worlds-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
SCRABBLE-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Slingo Deluxe-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
Snowy The Bears Adventure-->"C:\Program Files\HP Games\Snowy The Bears Adventure\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Super Granny-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tennis Titans-->"C:\Program Files\HP Games\Tennis Titans\Uninstall.exe"
Tornado Jockey-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
Tradewinds-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
Ultra MKV Converter 3.2.0322-->"C:\Program Files\Ultra MKV Converter\unins000.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: Kaspersky Internet Security
FW: Kaspersky Internet Security

======System event log======

Computer Name: SHOBHASWAROOPPC
Event Code: 4321
Message: The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.15.2.
The machine with the IP address 192.168.15.3 did not allow the name to be claimed by
this machine.

Record Number: 6541
Source Name: NetBT
Time Written: 20100301210536.000000-360
Event Type: error
User:

Computer Name: SHOBHASWAROOPPC
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 6540
Source Name: DCOM
Time Written: 20100301210519.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: SHOBHASWAROOPPC
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\SHOBHASWAROOP2 on the network \Device\NetBT_Tcpip_{F44BED47-2EAA-45AF-AEB8-D77DF13AF23C}.
The data is the error code.

Record Number: 6535
Source Name: BROWSER
Time Written: 20100301210203.000000-360
Event Type: warning
User:

Computer Name: SHOBHASWAROOPPC
Event Code: 3
Message: Printer Quicken PDF Printer was deleted.

Record Number: 6510
Source Name: Print
Time Written: 20100301200021.000000-360
Event Type: warning
User: SHOBHASWAROOPPC\HP_Administrator

Computer Name: SHOBHASWAROOPPC
Event Code: 4
Message: Printer Quicken PDF Printer is pending deletion.

Record Number: 6509
Source Name: Print
Time Written: 20100301200018.000000-360
Event Type: warning
User: SHOBHASWAROOPPC\HP_Administrator

=====Application event log=====

Computer Name: SHOBHASWAROOPPC
Event Code: 11920
Message: Product: BitDefender Definitions Update -- Error 1920. Service 'BitDefender Desktop Update Service' (LIVESRV) failed to start. Verify that you have sufficient privileges to start system services.

Record Number: 90
Source Name: MsiInstaller
Time Written: 20091107184428.000000-300
Event Type: error
User: SHOBHASWAROOPPC\HP_Administrator

Computer Name: SHOBHASWAROOPPC
Event Code: 11920
Message: Product: BitDefender Definitions Update -- Error 1920. Service 'BitDefender Desktop Update Service' (LIVESRV) failed to start. Verify that you have sufficient privileges to start system services.

Record Number: 89
Source Name: MsiInstaller
Time Written: 20091107184351.000000-300
Event Type: error
User: SHOBHASWAROOPPC\HP_Administrator

Computer Name: SHOBHASWAROOPPC
Event Code: 11920
Message: Product: BitDefender Definitions Update -- Error 1920. Service 'BitDefender Desktop Update Service' (LIVESRV) failed to start. Verify that you have sufficient privileges to start system services.

Record Number: 88
Source Name: MsiInstaller
Time Written: 20091107184311.000000-300
Event Type: error
User: SHOBHASWAROOPPC\HP_Administrator

Computer Name: SHOBHASWAROOPPC
Event Code: 1
Message: An error has occurred (StartServiceCtrlDispatcher failed with 997).

Record Number: 82
Source Name: Arrakis3
Time Written: 20091107183513.000000-300
Event Type: error
User:

Computer Name: SHOBHASWAROOPPC
Event Code: 1517
Message: Windows saved user SHOBHASWAROOPPC\HP_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 75
Source Name: Userenv
Time Written: 20091107182745.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

Attached Files

  • Attached File  info.txt   22.8KB   14 downloads
  • Attached File  log.txt   33.03KB   16 downloads

Edited by aommaster, 09 March 2010 - 11:26 PM.


#8 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:07:13 PM

Posted 09 March 2010 - 11:34 PM

Hello, satya72.
Please copy and paste logs into your reply as they make it easier for me to read (I've edited your post). Also, no need to worry about the GMER scan. GMER isn't compatible with some systems.

We need to run an OTM script
  1. Please download OTM by OldTimer and save it to your desktop.
  2. Double click the OTM icon on your desktop.
  3. Paste the following code under the Paste Instructions for Items to be Moved area. Do not include the word "Code".
    CODE
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=hex(7):6D,73,76,31,5F,30,00,00

    :Files
    C:\WINDOWS\system32\pmnllk.dll
    C:\WINDOWS\system32\ursrqo.dll
    C:\WINDOWS\system32\gebxxw.dll
  4. Push the large MoveIt! button.
    **OTM may ask to reboot the machine. Please do so if asked.
  5. Copy/Paste the contents under the Results line here in your next reply.
  6. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
NEXT:

It appears that you've run Combofix and Vundofix. Please post up the logs generated at:
c:\combofix.txt
c:\VundoFix.txt

NEXT:

We need to run a Panda Active Scan
  1. Please go here to run Panda's ActiveScan
  2. Once you are on the Panda site click the Scan your PC button
  3. Click the big Scan Now button
  4. If it wants to install an ActiveX component allow it
  5. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  6. When download is complete, click on My Computer to start the scan
  7. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
NEXT:

Please generate a fresh RSIT log for my review

In your next reply, please include the following:
  • OTM Log
  • ActiveScan Report
  • Combofix.txt
  • Vundofix.txt
  • RSIT log

Edited by aommaster, 09 March 2010 - 11:35 PM.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
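The :Reg part of the OTM script above writes the LSA "authentication packages" value back to `hex(7):6D,73,76,31,5F,30,00,00`, which is the REG_MULTI_SZ encoding of the single default entry `msv1_0`. The script below is an added example (it is not part of OTM or of the helper's script) that decodes such a hex(7) value, lists the package names it contains, and reports any entry beyond the expected default, which is the check a responder would run to confirm the value is clean before and after the fix. The default entry `msv1_0` is the documented Windows XP default; the sample value with an extra `injected.dll` entry in the test is constructed, and `injected.dll` is a placeholder name, not a file from this thread.

```python
"""Decode a .reg-style hex(7) (REG_MULTI_SZ) value and flag entries that are
not part of the expected default.  Added example for the LSA
"Authentication Packages" check; not code from OTM or from this thread."""
from __future__ import annotations

import re

# HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages holds the
# single string "msv1_0" on a default Windows XP install.
DEFAULT_AUTH_PACKAGES = ("msv1_0",)

_HEX7 = re.compile(r"\s*hex\(7\):\s*((?:[0-9A-Fa-f]{2}\s*,\s*)*[0-9A-Fa-f]{2})\s*")


def decode_hex7(value: str) -> list[str]:
    """Turn 'hex(7):6D,73,76,31,5F,30,00,00' into ['msv1_0'].

    A REG_MULTI_SZ is a run of NUL-terminated strings followed by one extra
    NUL.  REGEDIT4-style exports (the form used in the OTM script) store one
    byte per character; "Windows Registry Editor Version 5.00" exports store
    UTF-16LE.  Both forms are accepted: UTF-16LE text made of ASCII strings
    has a zero in every odd byte, which is used here as the detector.
    """
    m = _HEX7.fullmatch(value)
    if not m:
        raise ValueError(f"not a hex(7) value: {value!r}")
    raw = bytes(int(b, 16) for b in re.split(r"\s*,\s*", m.group(1)))
    if raw and len(raw) % 2 == 0 and not any(raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    # The terminating NULs produce empty strings; drop them.
    return [s for s in text.split("\x00") if s]


def encode_hex7(strings: list[str]) -> str:
    """Inverse of decode_hex7 in the one-byte-per-character (REGEDIT4) form."""
    payload = "".join(s + "\x00" for s in strings) + "\x00"
    return "hex(7):" + ",".join(f"{b:02X}" for b in payload.encode("latin-1"))


def check_auth_packages(value: str,
                        expected: tuple[str, ...] = DEFAULT_AUTH_PACKAGES) -> list[str]:
    """Return the package names in a hex(7) value that are not in `expected`.

    An empty list means the value contains only the expected default.  Any
    name returned is an authentication package LSA would load at boot and
    deserves a look (file location, signature, vendor).
    """
    allowed = {e.lower() for e in expected}
    return [p for p in decode_hex7(value) if p.lower() not in allowed]


if __name__ == "__main__":
    # The value written by the OTM script in this thread.
    fixed = "hex(7):6D,73,76,31,5F,30,00,00"
    print("decoded:", decode_hex7(fixed))
    print("unexpected entries:", check_auth_packages(fixed))
    # Constructed sample with a placeholder extra entry, to show the flagging.
    sample = encode_hex7(["msv1_0", "injected.dll"])
    print("constructed sample:", sample)
    print("unexpected entries:", check_auth_packages(sample))
```

To use it against a live machine, export the Lsa key with `reg export` (or read it from an OTM/RSIT log), paste the hex(7) line into `check_auth_packages`, and treat anything it returns as an entry to investigate rather than something to delete blindly, since legitimate third-party credential providers can also register here.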


#9 satya72

satya72
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 10 March 2010 - 11:49 PM

Hi aommaster,

Thanks for taking the trouble.

First here is the OTM log:

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"authentication packages"|hex(7):6D,73,76,31,5F,30,00,00 /E : value set successfully!
========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnllk.dll
C:\WINDOWS\system32\pmnllk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ursrqo.dll
C:\WINDOWS\system32\ursrqo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebxxw.dll
C:\WINDOWS\system32\gebxxw.dll moved successfully.

OTM by OldTimer - Version 3.1.10.0 log created on 03102010_195912


#10 satya72

satya72
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 10 March 2010 - 11:51 PM

Next is the ActiveScan report:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-03-10 22:46:06
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 3
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Internet Security 9.0.0.736 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\hp_administrator.shobhaswarooppc\cookies\hp_administrator@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\hp_administrator.shobhaswarooppc\cookies\hp_administrator@atdmt[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\documents and settings\hp_administrator.shobhaswarooppc\cookies\hp_administrator@tribalfusion[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\hp_administrator.shobhaswarooppc\cookies\hp_administrator@ad.yieldmanager[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\hp_administrator.shobhaswarooppc\cookies\hp_administrator@advertising[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\hp_administrator.shobhaswarooppc\cookies\hp_administrator@ads.pointroll[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\documents and settings\hp_administrator\cookies\hp_administrator@target[1].txt
00377802 Spyware/PeoplePC Spyware No 0 Yes No c:\program files\online services\peoplepc\isp5900\dll\ras.dll
00450614 Adware/2Search Adware No 0 No No c:\program files\online services\peoplepc\isp5900\branding\ppal3ppc.exe[ppctoolbar.dll]
00519333 Application/Processor HackTools No 0 Yes No c:\temp\virtumundobegone.exe
00519333 Application/Processor HackTools No 0 Yes No j:\swaroops\recent\fq\virtumundobegone.exe
02717081 JS/Sality.AX Virus No 1 Yes No d:\shobhas\films.htm
03983016 Generic Malware Virus/Trojan No 0 Yes No c:\program files\updates from hp\9972322\program\interop.shdocvw.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\hp\recovery\wizard\fscommand\cdlogic_ret.exe
No c:\hp\recovery\wizard\swr_wizard.exe
No c:\program files\online services\msn90\pkgs\en\us\msncli.exe[c:\program files\online services\msn90\pkgs\en\us\msncli.exe][mailares.dll]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


#11 satya72

satya72
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:13 AM

Posted 10 March 2010 - 11:54 PM

This is the combofix log:


ComboFix 10-02-27.04 - HP_Administrator 02/28/2010 2:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3058 [GMT -6:00]
Running from: c:\temp\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~2.SHO\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Local Settings\Application Data\{C641D4B6-1C4E-4CD8-80A4-55F7A5362678}
c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Local Settings\Application Data\{C641D4B6-1C4E-4CD8-80A4-55F7A5362678}\chrome\content\_cfg.js
c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Local Settings\Application Data\{C641D4B6-1C4E-4CD8-80A4-55F7A5362678}\chrome\content\overlay.xul
c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Local Settings\Application Data\{C641D4B6-1C4E-4CD8-80A4-55F7A5362678}\install.rdf
c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Local Settings\Temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-28 06:09 . 2010-02-28 05:46 401720 ----a-w- c:\temp\HijackThis.exe
2010-02-28 06:09 . 2010-02-28 05:45 3874477 ----a-r- c:\temp\ComboFix.exe
2010-02-28 05:34 . 2010-02-28 05:34 -------- d-----w- c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Local Settings\Application Data\Threat Expert
2010-02-28 05:25 . 2009-11-10 16:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-28 05:25 . 2009-11-10 16:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-28 05:25 . 2008-11-26 18:08 131 ----a-w- c:\windows\IDB.zip
2010-02-28 05:25 . 2009-11-10 16:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-28 05:25 . 2009-11-10 16:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-02-28 05:25 . 2009-10-28 07:36 1152444 ----a-w- c:\windows\UDB.zip
2010-02-28 05:17 . 2010-02-05 15:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-28 05:17 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-28 05:17 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-28 05:17 . 2010-02-05 15:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-28 05:17 . 2010-02-28 06:12 -------- d-----w- c:\program files\Spyware Doctor
2010-02-28 05:17 . 2010-02-28 05:25 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-28 05:17 . 2010-02-28 05:17 -------- d-----w- c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\PC Tools
2010-02-28 05:17 . 2010-02-28 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-28 05:11 . 2010-02-28 05:11 100352 ---ha-w- c:\windows\system32\qopolj.dll
2010-02-28 05:02 . 2010-02-28 05:00 96978 ----a-w- c:\temp\VirtumundoBeGone.exe
2010-02-28 03:36 . 2009-12-12 00:05 3613560 ----a-w- c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\Simply Super Software\Trojan Remover\oto44.exe
2010-02-27 23:09 . 2010-02-27 23:09 363008 ----a-w- c:\temp\rkill.com
2010-02-27 22:40 . 2010-02-27 22:40 -------- d-----w- C:\VundoFix Backups
2010-02-27 22:40 . 2010-02-27 22:40 137728 ----a-w- c:\temp\VundoFix.exe
2010-02-27 22:12 . 2010-02-27 22:12 100352 ---ha-w- c:\windows\system32\qomnnm.dll
2010-02-27 21:44 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-27 21:44 . 2010-02-28 04:33 -------- d-----w- C:\MAnMlwr
2010-02-27 21:44 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-27 21:15 . 2010-02-27 21:48 100352 ---ha-w- c:\windows\system32\geeccy.dll.vir
2010-02-27 19:42 . 2010-02-28 08:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-27 19:40 . 2010-02-27 19:40 -------- d-----w- c:\program files\Trojan Remover
2010-02-27 19:39 . 2010-02-27 19:39 9228416 ----a-w- c:\temp\trjsetup681.exe
2010-02-27 19:37 . 2010-02-27 19:36 8877640 ----a-w- c:\temp\i2_trj681.exe
2010-02-27 19:36 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-27 19:36 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-27 19:36 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-27 19:36 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-02-27 19:36 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-27 19:36 . 2010-02-27 19:40 -------- d-----w- c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\Simply Super Software
2010-02-27 19:36 . 2010-02-27 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-02-27 19:19 . 2010-02-27 19:43 100352 ---ha-w- c:\windows\system32\vtuvvu.dll.vir
2010-02-27 19:13 . 2010-02-27 19:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-02-21 07:31 . 2010-02-21 07:31 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-21 04:38 . 2010-02-21 04:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 08:10 . 2009-11-08 00:56 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-28 04:31 . 2005-06-17 20:33 250368 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-27 22:25 . 2009-11-08 04:41 -------- d-----w- c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\vlc
2010-02-27 19:13 . 2010-02-27 19:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-27 19:13 . 2010-02-25 02:24 -------- d-----w- c:\program files\CDisplay
2010-02-27 19:13 . 2009-09-08 00:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-27 18:08 . 2009-11-08 20:48 -------- d-----w- c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\Free Download Manager
2010-02-27 16:11 . 2010-02-27 16:11 100352 ----a-w- c:\windows\system32\cbxuut.dll.vir
2010-02-27 16:09 . 2010-02-27 16:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitDefender
2010-02-27 07:55 . 2010-02-27 07:55 100864 ----a-w- c:\windows\system32\mlkkli.dll.vir
2010-02-27 07:50 . 2010-02-27 07:50 89088 ---ha-w- c:\windows\system32\xxvtrr.dll
2010-02-24 01:38 . 2009-11-08 01:38 117760 ----a-w- c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-21 09:51 . 2009-10-22 01:54 132 ----a-w- C:\httpdwl.dat
2010-02-20 23:42 . 2010-01-13 22:44 120 ----a-w- c:\windows\Dwugikehade.dat
2010-02-20 23:42 . 2010-01-13 22:44 0 ----a-w- c:\windows\Kgidejuco.bin
2010-01-14 14:30 . 2010-01-14 14:30 52224 ----a-w- c:\documents and settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-14 14:08 . 2009-11-07 23:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-01 23:43 . 2009-12-15 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-01 01:33 . 2010-01-01 01:29 -------- d-----w- c:\program files\Ultra MKV Converter
2009-12-31 16:50 . 2009-09-07 12:32 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2009-09-07 12:33 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-09-07 05:31 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2009-09-07 05:29 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-10 18:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-10 18:00 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2009-09-07 12:31 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-12 21:20 . 2009-09-08 23:45 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-09-22 03:55 . 2009-09-22 01:55 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-21 2012912]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]
"mlifcydrv"="qomnnm.dll" [2010-02-27 100352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 143360]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-14 7557120]
"nwiz"="nwiz.exe" [2006-02-14 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-16 49152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-12 782336]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-11-08 69632]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-07 180269]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-18 1070984]
"ljiggfsys"="xxvtrr.dll" [2010-02-27 89088]
"ddayyxdrv"="qomnnm.dll" [2010-02-27 100352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"hgfedcsys"="xxvtrr.dll" [2010-02-27 89088]
"pmkhihdrv"="qomnnm.dll" [2010-02-27 100352]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-17 27136]

c:\documents and settings\Guest.SHOBHASWAROOPPC\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-17 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2009-9-7 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 xxvtrr.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/27/2010 11:17 PM 207280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 12:50 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 12:50 PM 66632]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [7/2/2008 1:07 PM 82696]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2/27/2010 11:25 PM 112592]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2/3/2009 2:39 PM 427192]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [8/12/2008 6:40 PM 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [8/14/2008 6:54 PM 104456]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 12:50 PM 12872]
S2 gupdate1ca61ad757d7c38;Google Update Service (gupdate1ca61ad757d7c38);c:\program files\Google\Update\GoogleUpdate.exe [11/9/2009 8:28 PM 133104]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [7/17/2008 1:06 PM 118784]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2/27/2010 11:17 PM 365280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 02:28]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-10 02:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: trymedia.com
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.bridgelogix.com/CACHE/stc/1/binaries/vpnweb.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1120)
c:\windows\system32\qomnnm.dll
c:\windows\system32\wininet.dll

- - - - - - - > 'lsass.exe'(1176)
c:\windows\system32\xxvtrr.dll
c:\windows\system32\wininet.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3432)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\qomnnm.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll

- - - - - - - > 'csrss.exe'(1096)
c:\windows\system32\wininet.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DISC\DiscStreamHub.exe
c:\hp\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Completion time: 2010-02-28 02:26:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-28 08:26
ComboFix2.txt 2010-02-28 06:42

Pre-Run: 115,623,968,768 bytes free
Post-Run: 115,574,439,936 bytes free

- - End Of File - - 586E12ADCA38D531B993FC01E0BBA18F

This is the VundoFix log:


VundoFix V7.0.0

Scan started at 4:40:44 PM 2/27/2010

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.0

Scan started at 10:36:46 PM 2/27/2010

Listing files found while scanning....

No infected files were found.


VundoFix V7.0.6

Scan started at 9:05:56 PM 3/1/2010

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.6

Scan started at 7:43:48 PM 3/4/2010

Listing files found while scanning....

No infected files were found.

Lastly, here is the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2010-03-10 22:47:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 111 GB (80%) free of 138 GB
Total RAM: 3582 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:26 PM, on 3/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\temp\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.bridgelogix.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1257654706281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/T26LBA/webex/ieatgpc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Update Service (gupdate1ca61ad757d7c38) (gupdate1ca61ad757d7c38) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 11324 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for HP_Administrator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-09-07 1191424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2009-09-07 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-09-07 1191424]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-11-07 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-02-22 143360]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-02-14 7557120]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdMgr.exe [2006-03-16 61440]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-12-15 49152]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-07 180269]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-07 180269]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e089f862-0e8e-11df-b373-001731db77de}]
shell\AutoRun\command - L:\VUNDOFIX.EXE


======List of files/folders created in the last 1 months======

2010-03-10 20:02:10 ----D---- C:\WINDOWS\LastGood
2010-03-10 20:01:23 ----D---- C:\Program Files\Panda Security
2010-03-10 19:59:12 ----D---- C:\_OTM
2010-03-09 14:49:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-08 14:29:34 ----D---- C:\Program Files\trend micro
2010-03-08 14:29:32 ----D---- C:\rsit
2010-03-06 09:57:21 ----HD---- C:\WINDOWS\PIF
2010-03-05 21:43:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-05 15:03:19 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-05 15:03:17 ----D---- C:\Program Files\Common Files\Java
2010-03-05 15:02:51 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-05 15:02:51 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-05 15:02:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-05 15:02:50 ----A---- C:\WINDOWS\system32\java.exe
2010-03-04 21:20:36 ----D---- C:\Program Files\Kaspersky Lab
2010-03-04 21:20:36 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-03-04 21:11:34 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-03-01 21:04:36 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-28 11:00:37 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-28 02:26:14 ----A---- C:\ComboFix.txt
2010-02-28 00:11:48 ----D---- C:\WINDOWS\ERDNT
2010-02-27 23:25:03 ----A---- C:\WINDOWS\BDTSupport.dll.old
2010-02-27 23:25:02 ----A---- C:\WINDOWS\PCTBDCore.dll.old
2010-02-27 23:17:13 ----D---- C:\Program Files\Spyware Doctor
2010-02-27 16:40:44 ----A---- C:\VundoFix.txt
2010-02-27 13:42:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-27 13:36:41 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\unrar3.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\unacev2.dll
2010-02-27 13:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2010-02-24 20:24:18 ----D---- C:\Program Files\CDisplay
2010-02-23 23:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

======List of files/folders modified in the last 1 months======

2010-03-10 22:46:06 ----D---- C:\temp
2010-03-10 22:27:19 ----D---- C:\WINDOWS\Temp
2010-03-10 22:08:20 ----AD---- C:\WINDOWS
2010-03-10 21:06:32 ----D---- C:\WINDOWS\Prefetch
2010-03-10 20:08:46 ----D---- C:\WINDOWS\system32\drivers
2010-03-10 20:02:11 ----HD---- C:\WINDOWS\inf
2010-03-10 20:01:23 ----D---- C:\Program Files
2010-03-10 19:59:13 ----D---- C:\WINDOWS\system32
2010-03-10 19:54:53 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-10 19:54:28 ----D---- C:\Program Files\Mozilla Firefox
2010-03-10 19:52:53 ----D---- C:\WINDOWS\system32\Lang
2010-03-10 19:52:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-10 19:52:28 ----D---- C:\WINDOWS\Registration
2010-03-09 14:49:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-09 14:49:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-03-09 14:49:30 ----D---- C:\Program Files\Movie Maker
2010-03-09 14:48:44 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-09 14:47:15 ----D---- C:\WINDOWS\Debug
2010-03-09 14:03:50 ----SHD---- C:\WINDOWS\CSC
2010-03-08 00:46:15 ----D---- C:\Documents and Settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\Free Download Manager
2010-03-08 00:45:40 ----D---- C:\Documents and Settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\vlc
2010-03-06 10:43:27 ----SHD---- C:\System Volume Information
2010-03-06 10:43:27 ----D---- C:\WINDOWS\system32\Restore
2010-03-05 21:46:07 ----SD---- C:\WINDOWS\Tasks
2010-03-05 15:03:19 ----SHD---- C:\WINDOWS\Installer
2010-03-05 15:03:18 ----D---- C:\Config.Msi
2010-03-05 15:03:17 ----D---- C:\Program Files\Common Files
2010-03-05 15:02:25 ----D---- C:\Program Files\Java
2010-03-04 21:13:16 ----D---- C:\Documents and Settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\SUPERAntiSpyware.com
2010-03-04 21:07:39 ----D---- C:\WINDOWS\WinSxS
2010-03-04 21:06:21 ----A---- C:\bdlog.txt
2010-03-04 21:06:19 ----A---- C:\WINDOWS\bdagent.INI
2010-03-01 23:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-01 20:09:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-01 20:00:53 ----D---- C:\Program Files\Quicken
2010-03-01 20:00:35 ----A---- C:\WINDOWS\QUICKEN.INI
2010-03-01 19:57:55 ----D---- C:\Program Files\HP Games
2010-03-01 19:57:14 ----D---- C:\Program Files\GemMaster
2010-02-28 11:06:27 ----D---- C:\WINDOWS\repair
2010-02-28 02:21:51 ----A---- C:\WINDOWS\system.ini
2010-02-28 02:06:29 ----D---- C:\WINDOWS\AppPatch
2010-02-28 00:18:35 ----D---- C:\WINDOWS\system32\config
2010-02-27 23:46:48 ----D---- C:\WINDOWS\system32\FxsTmp
2010-02-27 16:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-02-27 13:13:45 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-27 01:50:31 ----A---- C:\WINDOWS\ODBC.INI
2010-02-26 17:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-02-23 23:28:08 ----D---- C:\WINDOWS\ie8updates
2010-02-21 15:18:38 ----D---- C:\WINDOWS\Minidump
2010-02-21 15:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-02-21 01:31:52 ----D---- C:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-03-04 315408]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-02-14 3642784]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-13 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
S3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2009-11-07 111112]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-02-03 20152]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-02-22 81920]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-05 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-02-14 143426]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S2 gupdate1ca61ad757d7c38;Google Update Service (gupdate1ca61ad757d7c38); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-09 133104]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-23 413696]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------

#12 aommaster

    I !<3 malware

  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 11 March 2010 - 12:02 AM

Hello, satya72.
Logs look good. Let's just delete a few things from the activescan log.
We need to run an OTM script.
  1. Double click the OTM icon on your desktop.
  2. Paste the following code under the Paste Instructions for Items to be Moved area. Do not include the word "Code".
    CODE
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
      00

    :Files
    c:\program files\online services
    c:\temp\virtumundobegone.exe
    j:\swaroops\recent\fq\virtumundobegone.exe
    d:\shobhas\films.htm
  3. Push the large MoveIt! button.
    **OTM may ask to reboot the machine. Please do so if asked.
  4. Copy/Paste the contents under the Results line here in your next reply.
  5. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


In your next reply, please include the following:
  • OTM Log
  • Fresh RSIT log

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM
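A note on the :Reg step in the script above, with an added example that is not part of the original post and is not OTM's own code. The hex(7) value is a REG_MULTI_SZ written as comma-separated UTF-16LE bytes; the bytes in the script decode to the single string msv1_0, the NTLM package that is the only default entry in Authentication Packages on Windows XP. Vundo/Virtumonde is known for appending its own DLL to that value so that lsass.exe loads it at boot, which is why the fix resets the value instead of deleting it. The Python below parses a hex(7) line in .reg/OTM syntax (including the backslash line continuation), decodes it, and flags any package that is not on an allowlist. The hijacked sample value is constructed for illustration and the DLL name in it is hypothetical; the allowlist assumes a stock XP install where msv1_0 is the only expected package.

```python
"""Decode and check a REG_MULTI_SZ "Authentication Packages" value written in
.reg / OTM ":Reg" syntax (hex(7):...).

Added example for this thread; not part of the original post and not OTM code.
The hijacked sample below is constructed for illustration; "evil" is a
hypothetical DLL name, not something seen on the machine in this thread.
"""
import re

# The exact value the OTM script in the post sets (copied from the post,
# including the backslash line continuation that .reg exports use).
OTM_VALUE = (
    '"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\\\n'
    '  00'
)

# Constructed sample of what a Vundo-style hijack of the same value looks like:
# "msv1_0" followed by an extra package name.  The extra name is hypothetical.
HIJACKED_VALUE = (
    '"Authentication Packages"=hex(7):'
    + ",".join(f"{b:02x}" for b in "msv1_0\0evil\0\0".encode("utf-16-le"))
)

# Packages that legitimately belong in Authentication Packages on a stock
# Windows XP install.  msv1_0 (NTLM) is the only default; anything else
# deserves a close look.  (Assumption: no third-party auth packages installed.)
ALLOWED_PACKAGES = {"msv1_0"}


def parse_hex7(reg_line: str) -> list[str]:
    """Parse a .reg-style hex(7) (REG_MULTI_SZ) line into its list of strings.

    Handles the backslash+newline continuation used by .reg exports and OTM,
    ignores whitespace, decodes the bytes as UTF-16LE and splits on NUL.
    """
    m = re.search(r"hex\(7\):(.*)", reg_line, re.S)
    if not m:
        raise ValueError("not a hex(7) value")
    payload = (
        m.group(1)
        .replace("\\\n", "")   # join continued lines
        .replace(" ", "")
        .replace("\n", "")
        .strip(",")
    )
    raw = bytes(int(tok, 16) for tok in payload.split(",") if tok)
    text = raw.decode("utf-16-le")
    # A REG_MULTI_SZ ends with an empty string (double NUL); drop the empties.
    return [s for s in text.split("\0") if s]


def check_auth_packages(reg_line: str) -> tuple[bool, list[str]]:
    """Return (clean, unexpected_entries) for an Authentication Packages value.

    clean is True only when every decoded package is on ALLOWED_PACKAGES.
    """
    packages = parse_hex7(reg_line)
    unexpected = [p for p in packages if p.lower() not in ALLOWED_PACKAGES]
    return (not unexpected, unexpected)


if __name__ == "__main__":
    for label, value in (("OTM fix value", OTM_VALUE), ("constructed hijack", HIJACKED_VALUE)):
        clean, extra = check_auth_packages(value)
        print(f"{label}: packages={parse_hex7(value)} clean={clean} unexpected={extra}")
```

On a live box the same check runs against a registry export (reg.exe export of the Lsa key, read as UTF-16 since that is how reg.exe writes .reg files) by passing the whole multi-line Authentication Packages entry to check_auth_packages. A value that is clean by this check but whose DLL has been replaced on disk would not be caught here; the check is for added entries only, which is the Vundo pattern the OTM step addresses.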


#13 satya72
  • Topic Starter
  • Members
  • 9 posts

Posted 11 March 2010 - 02:37 PM

Hi aommaster,

I completed the steps as instructed.

Here is the log from OTM:

========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,00 /E : value set successfully!
========== FILES ==========
c:\program files\Online Services\PeoplePC\Utilities folder moved successfully.
c:\program files\Online Services\PeoplePC\System\Unicode folder moved successfully.
c:\program files\Online Services\PeoplePC\System\Redist folder moved successfully.
c:\program files\Online Services\PeoplePC\System\ANSI folder moved successfully.
c:\program files\Online Services\PeoplePC\System folder moved successfully.
c:\program files\Online Services\PeoplePC\SmartDialer\Users folder moved successfully.
c:\program files\Online Services\PeoplePC\SmartDialer\Updates folder moved successfully.
c:\program files\Online Services\PeoplePC\SmartDialer\Phonebooks folder moved successfully.
c:\program files\Online Services\PeoplePC\SmartDialer\Locations folder moved successfully.
c:\program files\Online Services\PeoplePC\SmartDialer\DLL folder moved successfully.
c:\program files\Online Services\PeoplePC\SmartDialer\CallRecordManager\CallRecords folder moved successfully.
c:\program files\Online Services\PeoplePC\SmartDialer\CallRecordManager folder moved successfully.
c:\program files\Online Services\PeoplePC\SmartDialer folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Utilities folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\System\UniCode folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\System\ANSI folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\System folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\ISP50\Setup\I folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\ISP50\Setup folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\ISP50\Bin folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\ISP50 folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Icon folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Dll folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Dialer\Updates folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Dialer\Dms folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Dialer\Dll folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Dialer folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Branding\XP folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Branding\NT folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Branding\9X folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Branding folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900\Accelerated folder moved successfully.
c:\program files\Online Services\PeoplePC\ISP5900 folder moved successfully.
c:\program files\Online Services\PeoplePC\Images folder moved successfully.
c:\program files\Online Services\PeoplePC\IE\EN folder moved successfully.
c:\program files\Online Services\PeoplePC\IE folder moved successfully.
c:\program files\Online Services\PeoplePC\ICON folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\Toasts\images folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\Toasts folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\Style folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\Scripts folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\password folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\Images\Content folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\Images folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\Data folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\Content folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\accelerated\images folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA\accelerated folder moved successfully.
c:\program files\Online Services\PeoplePC\HTA folder moved successfully.
c:\program files\Online Services\PeoplePC\Help folder moved successfully.
c:\program files\Online Services\PeoplePC\DUN folder moved successfully.
c:\program files\Online Services\PeoplePC\Browser folder moved successfully.
c:\program files\Online Services\PeoplePC\Bin folder moved successfully.
c:\program files\Online Services\PeoplePC\Accelerated folder moved successfully.
c:\program files\Online Services\PeoplePC folder moved successfully.
c:\program files\Online Services\NetscapeOnline folder moved successfully.
c:\program files\Online Services\MSN90\pkgs\en\us\ms folder moved successfully.
c:\program files\Online Services\MSN90\pkgs\en\us folder moved successfully.
c:\program files\Online Services\MSN90\pkgs\en folder moved successfully.
c:\program files\Online Services\MSN90\pkgs folder moved successfully.
c:\program files\Online Services\MSN90 folder moved successfully.
c:\program files\Online Services\eBay folder moved successfully.
c:\program files\Online Services\EarthLink folder moved successfully.
c:\program files\Online Services\digiterra folder moved successfully.
c:\program files\Online Services\Canada\NetscapeOnline folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\media folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps\vwpt folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps\tpspd folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps\tb folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps\sysinfo folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps\ocp folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps\fw folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps\flash folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps\art folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps\aol folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps\acs folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX\comps folder moved successfully.
c:\program files\Online Services\Canada\AOL-MAX folder moved successfully.
c:\program files\Online Services\Canada folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90E\MEDIA folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90E\HTML\L\IMAGES folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90E\HTML\L folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90E\HTML folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90E\COMPS\LP folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90E\COMPS\AOL folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90E\COMPS folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90E folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\MEDIA folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\HTML\C\IMAGES folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\HTML\C folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\HTML folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\VWPT folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\TPSPD folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\TB folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\SYSINFO folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\RP folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\QT folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\OCP folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\LP folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\FW folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\FLASH folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\COACH folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\ASP folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\ART folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\AOL folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS\ACS folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90\COMPS folder moved successfully.
c:\program files\Online Services\Aol\United States\AOL90 folder moved successfully.
c:\program files\Online Services\Aol\United States folder moved successfully.
c:\program files\Online Services\Aol\Canada\media folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps\vwpt folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps\tpspd folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps\tb folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps\sysinfo folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps\ocp folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps\fw folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps\flash folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps\art folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps\aol folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps\acs folder moved successfully.
c:\program files\Online Services\Aol\Canada\comps folder moved successfully.
c:\program files\Online Services\Aol\Canada folder moved successfully.
c:\program files\Online Services\Aol folder moved successfully.
c:\program files\Online Services folder moved successfully.
c:\temp\VirtumundoBeGone.exe moved successfully.
j:\swaroops\recent\fq\VirtumundoBeGone.exe moved successfully.
d:\shobhas\films.htm moved successfully.

OTM by OldTimer - Version 3.1.10.0 log created on 03112010_133208


Next, here is the latest log from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2010-03-11 13:33:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 111 GB (80%) free of 138 GB
Total RAM: 3582 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:07 PM, on 3/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\temp\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.bridgelogix.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1257654706281
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boeing.webex.com/client/T26LBA/webex/ieatgpc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Google Update Service (gupdate1ca61ad757d7c38) (gupdate1ca61ad757d7c38) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 11277 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for HP_Administrator.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for HP_Administrator.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-09-07 1191424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2009-09-07 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-05 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-09-07 1191424]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-11-07 95536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-02-22 143360]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-02-14 7557120]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdMgr.exe [2006-03-16 61440]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-12-15 49152]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-07 180269]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-07 180269]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e089f862-0e8e-11df-b373-001731db77de}]
shell\AutoRun\command - L:\VUNDOFIX.EXE


======List of files/folders created in the last 1 months======

2010-03-10 20:01:23 ----D---- C:\Program Files\Panda Security
2010-03-10 19:59:12 ----D---- C:\_OTM
2010-03-09 14:49:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-08 14:29:34 ----D---- C:\Program Files\trend micro
2010-03-08 14:29:32 ----D---- C:\rsit
2010-03-06 09:57:21 ----HD---- C:\WINDOWS\PIF
2010-03-05 21:43:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-05 15:03:19 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-05 15:03:17 ----D---- C:\Program Files\Common Files\Java
2010-03-05 15:02:51 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-05 15:02:51 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-05 15:02:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-03-05 15:02:50 ----A---- C:\WINDOWS\system32\java.exe
2010-03-04 21:20:36 ----D---- C:\Program Files\Kaspersky Lab
2010-03-04 21:20:36 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-03-04 21:11:34 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-03-01 21:04:36 ----A---- C:\WINDOWS\ntbtlog.txt
2010-02-28 11:00:37 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-28 02:26:14 ----A---- C:\ComboFix.txt
2010-02-28 00:11:48 ----D---- C:\WINDOWS\ERDNT
2010-02-27 23:25:03 ----A---- C:\WINDOWS\BDTSupport.dll.old
2010-02-27 23:25:02 ----A---- C:\WINDOWS\PCTBDCore.dll.old
2010-02-27 23:17:13 ----D---- C:\Program Files\Spyware Doctor
2010-02-27 16:40:44 ----A---- C:\VundoFix.txt
2010-02-27 13:42:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-27 13:36:41 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\unrar3.dll
2010-02-27 13:36:40 ----A---- C:\WINDOWS\system32\unacev2.dll
2010-02-27 13:36:35 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2010-02-24 20:24:18 ----D---- C:\Program Files\CDisplay
2010-02-23 23:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$

======List of files/folders modified in the last 1 months======

2010-03-11 13:32:44 ----D---- C:\WINDOWS\Prefetch
2010-03-11 13:32:20 ----D---- C:\temp
2010-03-11 13:32:20 ----D---- C:\Program Files
2010-03-11 13:30:38 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 13:29:46 ----AD---- C:\WINDOWS
2010-03-11 13:29:45 ----D---- C:\WINDOWS\Temp
2010-03-11 13:29:45 ----D---- C:\WINDOWS\system32\Lang
2010-03-11 13:07:11 ----D---- C:\WINDOWS\Registration
2010-03-10 22:56:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-10 22:56:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-10 20:08:46 ----D---- C:\WINDOWS\system32\drivers
2010-03-10 20:02:11 ----HD---- C:\WINDOWS\inf
2010-03-10 19:59:13 ----D---- C:\WINDOWS\system32
2010-03-10 19:54:53 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-09 14:49:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-03-09 14:49:30 ----D---- C:\Program Files\Movie Maker
2010-03-09 14:48:44 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-09 14:47:15 ----D---- C:\WINDOWS\Debug
2010-03-09 14:03:50 ----SHD---- C:\WINDOWS\CSC
2010-03-08 00:46:15 ----D---- C:\Documents and Settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\Free Download Manager
2010-03-08 00:45:40 ----D---- C:\Documents and Settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\vlc
2010-03-06 10:43:27 ----SHD---- C:\System Volume Information
2010-03-06 10:43:27 ----D---- C:\WINDOWS\system32\Restore
2010-03-05 21:46:07 ----SD---- C:\WINDOWS\Tasks
2010-03-05 15:03:19 ----SHD---- C:\WINDOWS\Installer
2010-03-05 15:03:18 ----D---- C:\Config.Msi
2010-03-05 15:03:17 ----D---- C:\Program Files\Common Files
2010-03-05 15:02:25 ----D---- C:\Program Files\Java
2010-03-04 21:13:16 ----D---- C:\Documents and Settings\HP_Administrator.SHOBHASWAROOPPC\Application Data\SUPERAntiSpyware.com
2010-03-04 21:07:39 ----D---- C:\WINDOWS\WinSxS
2010-03-04 21:06:21 ----A---- C:\bdlog.txt
2010-03-04 21:06:19 ----A---- C:\WINDOWS\bdagent.INI
2010-03-01 23:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-01 20:09:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-01 20:00:53 ----D---- C:\Program Files\Quicken
2010-03-01 20:00:35 ----A---- C:\WINDOWS\QUICKEN.INI
2010-03-01 19:57:55 ----D---- C:\Program Files\HP Games
2010-03-01 19:57:14 ----D---- C:\Program Files\GemMaster
2010-02-28 11:06:27 ----D---- C:\WINDOWS\repair
2010-02-28 02:21:51 ----A---- C:\WINDOWS\system.ini
2010-02-28 02:06:29 ----D---- C:\WINDOWS\AppPatch
2010-02-28 00:18:35 ----D---- C:\WINDOWS\system32\config
2010-02-27 23:46:48 ----D---- C:\WINDOWS\system32\FxsTmp
2010-02-27 16:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-02-27 13:13:45 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-27 01:50:31 ----A---- C:\WINDOWS\ODBC.INI
2010-02-26 17:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-02-23 23:28:08 ----D---- C:\WINDOWS\ie8updates
2010-02-21 15:18:38 ----D---- C:\WINDOWS\Minidump
2010-02-21 15:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-02-21 01:31:52 ----D---- C:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-03-04 315408]
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-02-14 3642784]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-13 19072]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
S3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2009-11-07 111112]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-02-03 20152]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-02-22 81920]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-05 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-02-14 143426]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S2 gupdate1ca61ad757d7c38;Google Update Service (gupdate1ca61ad757d7c38); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-09 133104]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-23 413696]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------

#14 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:07:13 PM

Posted 11 March 2010 - 02:40 PM

Hi!

Logs look good. Are you experiencing any problems with your PC?

My website: http://aommaster.com
Please do not send me PM's requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#15 satya72

satya72
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:09:13 AM

Posted 12 March 2010 - 04:08 PM

Hi aommaster,

I really appreciate all your help. Thank you very much.

No problems with my PC since the clean up. But it is a bit sluggish. Probably needs a tune up.



