Windows Internet Security Pop-up Malware/Virus


  • This topic is locked
23 replies to this topic

#1 lgardinor

lgardinor

  • Members
  • 11 posts

Posted 09 April 2010 - 08:51 PM

Hi everyone. I've been trying to deal with this issue on my own but to no avail. I am stuck in malware limbo.

I did attempt to do all the prep you suggest/require prior to posting a new thread; however, neither DDS nor GMER would work. DDS did nothing after the black DOS screen popped up. GMER crashed my computer and caused a reboot (twice).

I am in desperate need of help.

Attached is a screen shot of the pop-up I am getting.


Thank you so much for all that you do here.
Lynn


PS...
I have an HP computer running Windows XP. Please let me know if you need any more info on my computer.

Thanks again.


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 10 April 2010 - 01:36 PM


Hello Lynn. Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.


Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.



After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.


We need to get something so I can try to make a better assessment of the problem you have.

If you have DDS on your desktop delete the one you have and download another one but try renaming it to something you can remember then save it to your desktop and try it again. Before you do that run RKill which I have posted below if possible. Also try running GMER after running the following but make sure you have disabled your antivirus along with anything like TeaTimer or Windows Defender which may be on your machine. Instructions can be found HERE.



RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.

Note: Please post the log in the reply window and do not make it an attachment. Do this with all subsequent replies unless I ask otherwise.

Thanks,

thewall

If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you.

#3 lgardinor

lgardinor
  • Topic Starter

  • Members
  • 11 posts

Posted 10 April 2010 - 05:49 PM

Hi Wall! Thank you so much.

Here is the rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as HP_Administrator on 04/10/2010 at 18:47:02.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\HP_Administrator\Desktop\rkill.pif


Rkill completed on 04/10/2010 at 18:47:05.


I tried to run DDS again - same result as before.

Edited by lgardinor, 10 April 2010 - 06:26 PM.


#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 10 April 2010 - 10:52 PM

You're welcome!!


Give this a try:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)



#5 lgardinor

lgardinor
  • Topic Starter

  • Members
  • 11 posts

Posted 11 April 2010 - 09:11 AM

Good morning, thewall!

Here are the logs (this scan was run in safe mode):

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2010-04-11 10:00:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 75 GB (27%) free of 277 GB
Total RAM: 2046 MB (84% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:00:54 AM, on 4/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://http://localhost/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Epson scanner Registration.lnk = E:\EReg\English\Epsonreg.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144630170046
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - c:\xampp\filezillaftp\filezillaserver.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 11011 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1456386107-3764052208-3861981028-1008Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1456386107-3764052208-3861981028-1008UA.job
C:\WINDOWS\tasks\HP Usg Login.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-15 1598744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-09 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll [2008-11-01 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-09 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-09 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-11-09 249856]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"EEventManager"=C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [2005-04-08 102400]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2006-01-06 188416]
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe [2006-01-06 348160]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-15 2059544]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 133104]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe [2005-11-11 1064960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
C:\Program Files\DISC\DiscUpdateMgr.exe [2005-11-11 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe [2005-11-01 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KITCO]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-07-18 451872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2006-02-22 36903]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
Epson scanner Registration.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-02-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-15 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispSettingPage"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Comodo\Comodo AntiVirus\CavEmSrv.exe"="C:\Program Files\Comodo\Comodo AntiVirus\CavEmSrv.exe:*:Enabled:Comodo AntiVirus Email Proxy Server"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime Essentials"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1481b893-5627-11dc-8593-806d6172696f}]
shell\AutoRun\command - F:\dvd_rom.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a1849ae-3da1-11dd-91a3-0014bf73b6ae}]
shell\AutoRun\command - WScript.exe .\`.vbs
shell\open\command - WScript.exe .\`.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cf9665d-4c6a-11dc-885f-0014bf73b6ae}]
shell\AutoRun\command - WScript.exe .\`.vbs
shell\open\command - WScript.exe .\`.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{acac4116-b83d-11dd-91f3-0014bf73b6ae}]
shell\AutoRun\command - WScript.exe .\`.vbs
shell\open\command - WScript.exe .\`.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf4e092b-76b9-11de-9243-0014bf73b6ae}]
shell\AutoRun\command - M:\LaunchU3.exe -a
shell\AutoRun\command - M:\LaunchU3.exe -a


======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
.js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
.scr - open -
.scr - install -
.scr - config -
.vbs - open -

======List of files/folders created in the last 1 months======

2010-04-11 10:00:47 ----D---- C:\rsit
2010-03-30 14:00:37 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-03-30 13:58:24 ----A---- C:\WINDOWS\system32\javaws.exe
2010-03-30 13:58:24 ----A---- C:\WINDOWS\system32\javaw.exe
2010-03-30 13:58:24 ----A---- C:\WINDOWS\system32\java.exe
2010-03-30 10:15:10 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2010-03-30 10:15:08 ----D---- C:\Program Files\IObit
2010-03-23 12:16:04 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-15 09:12:40 ----A---- C:\WINDOWS\system32\avgrsstx.dll

======List of files/folders modified in the last 1 months======

2010-04-10 19:16:22 ----D---- C:\WINDOWS\Prefetch
2010-04-10 18:33:06 ----D---- C:\WINDOWS\temp
2010-04-10 16:52:52 ----AD---- C:\WINDOWS
2010-04-10 16:51:48 ----D---- C:\WINDOWS\Registration
2010-04-10 16:51:37 ----D---- C:\WINDOWS\system32
2010-04-10 16:51:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-10 16:25:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-08 09:15:40 ----SD---- C:\WINDOWS\Tasks
2010-04-02 23:41:34 ----D---- C:\Program Files\Mozilla Firefox
2010-03-30 14:00:36 ----SHD---- C:\WINDOWS\Installer
2010-03-30 14:00:36 ----HD---- C:\Config.Msi
2010-03-30 14:00:36 ----D---- C:\Program Files\Common Files\Java
2010-03-30 13:57:57 ----D---- C:\Program Files\Java
2010-03-30 10:15:08 ----D---- C:\Program Files
2010-03-30 10:02:56 ----D---- C:\WINDOWS\system32\drivers
2010-03-30 09:55:27 ----D---- C:\WINDOWS\SxsCaPendDel
2010-03-30 09:52:59 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-03-30 09:52:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-03-30 09:51:45 ----D---- C:\Program Files\Lavasoft
2010-03-28 22:15:16 ----A---- C:\WINDOWS\CRC.INI
2010-03-28 10:00:26 ----D---- C:\Program Files\Azureus
2010-03-25 21:51:01 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2010-03-25 09:43:28 ----SHD---- C:\RECYCLER
2010-03-25 09:40:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-03-23 12:38:19 ----HD---- C:\WINDOWS\inf
2010-03-23 12:16:10 ----D---- C:\WINDOWS\Minidump
2010-03-22 21:46:02 ----D---- C:\WINDOWS\WinSxS
2010-03-21 07:04:48 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\DVD Flick
2010-03-17 23:28:14 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-17 14:04:47 ----D---- C:\temp
2010-03-14 19:00:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-12 22:17:04 ----D---- C:\Program Files\Safari

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-15 242696]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
S1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-15 216200]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-15 29512]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-03-28 20747]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-03-28 8413]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
S3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-02-04 3488768]
S3 ATIXPGAA;ATIXPGAA; \??\C:\Program Files\PC-Doctor 5 for Windows\ATIXPGAA.SYS []
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 Dot4 HPH11;Dot4 HPH11; C:\WINDOWS\system32\DRIVERS\hphid411.sys [2006-01-06 50896]
S3 Dot4Print HPH11;Print Class Driver for IEEE-1284.4 HPH11; C:\WINDOWS\system32\DRIVERS\hphipr11.sys [2006-01-06 16112]
S3 Dot4Storage HPH11;Storage Class Driver for IEEE-1284.4 (HPH11); C:\WINDOWS\System32\Drivers\hphs2k11.sys [2006-01-06 50276]
S3 Dot4Usb HPH11;Dot4Usb HPH11; C:\WINDOWS\System32\drivers\hphius11.sys [2006-01-06 18928]
S3 ENUM1394;%1394\031887&040892.DeviceDesc%; C:\WINDOWS\system32\DRIVERS\enum1394.sys [2001-08-17 6400]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2007-02-06 185728]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-05-22 47360]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-04-16 22784]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-01-23 37664]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-01-01 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdobeActiveFileMonitor;Adobe Active File Monitor; C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
S2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-02-04 602112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-11-28 520192]
S2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
S2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
S2 FileZilla Server;FileZilla Server FTP server; c:\xampp\filezillaftp\filezillaserver.exe []
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2005-06-17 749568]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-28 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPH11;Pml Driver HPH11; C:\WINDOWS\system32\HPHipm11.exe [2006-01-06 77824]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 Evevdm;Evevdm; C:\WINDOWS\system32\drivers\imapi.sys [2008-04-14 42112]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-04-11 10:01:01

======Uninstall list======

-->"C:\Program Files\HP Games\Pretty in Pink\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F\Uninstall.exe"
7-Zip 4.37 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Illustrator CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Photoshop Lightroom-->MsiExec.exe /I{359D2A79-64C6-4824-83CE-B053297DED6A}
Adobe Reader 8.2.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Agere Systems PCI-SV92PP Soft Modem-->C:\WINDOWS\agrsmdel
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Application Support-->MsiExec.exe /I{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 8.04-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"
AstroPop Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E44A47AF-C94B-4E3F-81A0-979FBA9DAC57\Uninstall.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{BAE98904-26E4-4DAB-8DFA-68297CD972BA}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI MCE Control Panel-->MsiExec.exe /X{F6E97C07-B897-4C8C-AA9B-C8E0A85BC858}
ATI MCE Transcode-->MsiExec.exe /I{9A2AF890-B0CD-43DC-85F6-AA0B51024DFF}
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
AVIVO Codecs-->MsiExec.exe /X{C941F1F1-25B3-4DF5-83E6-888C51A1AAB6}
Barnyard Invasion from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\049D60AF-B425-4F8A-BD66-9D8C1B519D59\Uninstall.exe"
Bejeweled 2 Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe"
Big Fish Games: Game Manager-->C:\Program Files\bfgclient\Uninstall.exe
Blackhawk Striker 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\Uninstall.exe"
Blasterball 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe"
Blasterball 2 Remix from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0C84A7C5-2762-4932-96BF-44A77202DCC3\Uninstall.exe"
Boggle Supreme from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bonnies Bookstore-->"C:\Program Files\HP Games\Bonnies Bookstore\Uninstall.exe"
Bookworm Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\Uninstall.exe"
Bounce Symphony from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe"
Bulk Rename Utility-->MsiExec.exe /I{CB48E66B-2B62-4669-89B3-2C5E907222EA}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chalkaholic Plugin v 1.0-->"C:\Program Files\Adobe\Photoshop CS\Plug-Ins\Little Ink Pot\unins000.exe"
Chuzzle Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BA42B721-D70B-4412-ABA6-057B5823FDE9\Uninstall.exe"
COMODO Registry Cleaner 1.0.17.23-->"C:\Program Files\COMODO\Registry Cleaner\unins000.exe"
Compact Wireless-G USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Crystal Maze from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DISCover-->"C:\Program Files\DISC\uninstall.exe"
DVD Flick 1.3.0.7-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0-->"C:\Program Files\DVDFab 5\unins000.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\setup.exe" -l0x9 -UnInstall
EPSON Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Perf 3490 3590 Guide-->C:\Program Files\epson\guide\perf_3490_3590_e\uninstall.exe
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EverNote Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}\Setup.exe" -l0x9
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
FrostWire 4.13.1.5 BETA-->C:\Program Files\FrostWire\Uninstall.exe
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
greenstreet Business Card Maker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C90B9B5-0E70-493C-81B9-B925D573CF71}\Setup.exe" -l0x9
Harry's Filters 3-->C:\Program Files\Adobe\Photoshop CS\Plug-Ins\SXUNINST.EXE
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll"
Insaniquarium Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\A09026AE-8F16-4929-B4E6-1825535844DB\Uninstall.exe"
Interlok driver setup x32-->MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}
iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
James Patterson's Women's Murder Club: Twice in a Blue Moon-->"C:\Program Files\James Patterson's Women's Murder Club - Twice in a Blue Moon\Uninstall.exe"
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java™ 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
K-Lite Mega Codec Pack 1.54 Beta 2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KnockOut 2-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\Corel\KnockOut 2\UninstKO.isu"
Lemonade Tycoon 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E\Uninstall.exe"
Lexibox Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\Uninstall.exe"
Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Magic Audio Converter v8.3.2-->"C:\Program Files\Magic Audio Converter\unins000.exe"
Mah Jong Quest from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
msxml4-->MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}
Murder, She Wrote-->"C:\Program Files\Murder She Wrote\Uninstall.exe"
muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E073D315-3C54-44BF-A1B2-B5583AEA618C}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}\setup.exe" -l0x9
Mystery Case Files-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
Natural Color-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}\setup.exe"
Nero 7 Essentials-->MsiExec.exe /X{1A6A6531-08FC-47AD-BAC4-C41497E71033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
nik Color Efex Pro 2.0 GE-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Photoshop CS\Plug-Ins\nik Color Efex Pro 2.0 GE\uninstal.log
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Photosmart 130,230,7150,7345,7350,7550 (Remove only)-->C:\Program Files\HP Photosmart 11\Printer\hphuni04.exe
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
Polar Bowler from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe"
Polar Golfer from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe"
Polaroid Dust and Scratch Removal v1.0.0.15.2e-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}\Setup.exe" -l0x9
Print Artist 22 Platinum-->MsiExec.exe /X{59716973-C123-4B46-B44B-36FCD9CEB8A3}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RAR Key Demo-->C:\PROGRA~1\Passware\demos\UNWISE.EXE /U C:\PROGRA~1\Passware\demos\rarkey.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove IntelliMover Demo-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Ricochet Lost Worlds from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0AA27562-3C4E-4860-8742-7ADEBE2EFC43\Uninstall.exe"
Safari-->MsiExec.exe /I{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}
SCRABBLE from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Shooting Stars Pool from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\Uninstall.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Shrek 2 Ogre Bowler from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\Uninstall.exe"
Slingo Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\Uninstall.exe"
SnapLog version 0.7.5.1 beta-->"C:\Program Files\SnapLog\unins000.exe"
Snowboard SuperJam from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\038D56DF-B15D-47F7-959F-59FA1FBB63FC\Uninstall.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Super Granny from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe"
Tablet-->C:\Program Files\Tablet\Remove.exe /u
The 80s Game with Martha Quinn-->"C:\Program Files\Funkitron\The 80s Game with Martha Quinn\uninstall.exe"
Thredgeholder Plugin v 1.0-->"C:\Program Files\Adobe\Photoshop CS\Plug-Ins\Little Ink Pot\unins002.exe"
ThumbsPlus version 5.01-R-->C:\PROGRA~1\Thumbs5\UNWISE.EXE C:\PROGRA~1\Thumbs5\INSTALL.LOG
Tradewinds from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe"
Turbo Lister 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Vertus Fluid Mask 2.0.3-->"C:\Program Files\Adobe\Photoshop CS\Plug-Ins\Adobe Photoshop Only\Filters\Vertus Fluid Mask\Uninstall.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VOB2MPG v3-->MsiExec.exe /I{5B2B26BA-44DB-4DC7-BBCF-653B248ADE77}
Vuze Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Vuze-->C:\Program Files\Azureus\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMPG VideoConvert 6.3-->"C:\Program Files\WinMPG VideoConvert\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xpose Plugin v 1.0-->"C:\Program Files\Adobe\Photoshop CS\Plug-Ins\Little Ink Pot\unins001.exe"
Zuma Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\901E0096-B2AC-469E-A99E-2725A39C0B47\Uninstall.exe"

=====HijackThis Backups=====

O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll [2008-08-27]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ [2008-11-02]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2008-11-02]
O4 - HKLM\..\Policies\Explorer\Run: [explorer] `.vbe [2008-11-02]

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: XPOSURE
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{2EFB1EB3-2FDC-470A-BBB8-52AF8241C003}.

Record Number: 100962
Source Name: Server
Time Written: 20100223182408.000000-300
Event Type: warning
User:

Computer Name: XPOSURE
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
ftsata2

Record Number: 100928
Source Name: Service Control Manager
Time Written: 20100223172153.000000-300
Event Type: error
User:

Computer Name: XPOSURE
Event Code: 7023
Message: The IPSEC Services service terminated with the following error:
An invalid argument was supplied.


Record Number: 100926
Source Name: Service Control Manager
Time Written: 20100223172142.000000-300
Event Type: error
User:

Computer Name: XPOSURE
Event Code: 7000
Message: The FileZilla Server FTP server service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 100925
Source Name: Service Control Manager
Time Written: 20100223172142.000000-300
Event Type: error
User:

Computer Name: XPOSURE
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{2EFB1EB3-2FDC-470A-BBB8-52AF8241C003}.

Record Number: 100924
Source Name: Server
Time Written: 20100223172135.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: XPOSURE
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 3322
Source Name: Adobe Active File Monitor
Time Written: 20091209234424.000000-300
Event Type:
User:

Computer Name: XPOSURE
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 3312
Source Name: Adobe Active File Monitor
Time Written: 20091209232732.000000-300
Event Type:
User:

Computer Name: XPOSURE
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 3304
Source Name: Adobe Active File Monitor
Time Written: 20091209230303.000000-300
Event Type:
User:

Computer Name: XPOSURE
Event Code: 2570
Message: Adobe Active File Monitor Service has Started.

Record Number: 3294
Source Name: Adobe Active File Monitor
Time Written: 20091209191325.000000-300
Event Type:
User:

Computer Name: XPOSURE
Event Code: 1002
Message: Hanging application audacity.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3286
Source Name: Application Hang
Time Written: 20091208130606.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Edited by lgardinor, 11 April 2010 - 10:45 AM.


#6 lgardinor

  • Topic Starter
  • Members
  • 11 posts

Posted 11 April 2010 - 10:53 AM

Reason for edit:

Duplicate post

Edited by thewall, 12 April 2010 - 06:03 PM.


#7 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 11 April 2010 - 12:28 PM

We are going to try to get ComboFix to run. This needs to be run in normal mode if at all possible.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#8 lgardinor

  • Topic Starter
  • Members
  • 11 posts

Posted 11 April 2010 - 04:12 PM

ComboFix 10-04-10.02 - HP_Administrator 04/11/2010 16:06:55.3.2 - x86
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH
c:\windows\msn
c:\windows\msn\windows.dat
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-11 14:00 . 2010-04-11 14:01 -------- d-----w- C:\rsit
2010-03-30 14:15 . 2010-03-30 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-03-30 14:15 . 2010-03-30 14:15 -------- d-----w- c:\program files\IObit
2010-03-26 01:46 . 2010-03-26 01:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-03-23 16:41 . 2010-03-23 16:41 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-23 16:41 . 2010-03-23 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
2010-03-23 16:40 . 2010-03-23 16:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-03-23 16:33 . 2010-03-23 16:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-23 01:52 . 2010-03-23 01:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-15 13:12 . 2010-03-15 13:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 20:00 . 2006-03-29 16:20 16154 ----a-w- c:\windows\system32\tablet.dat
2010-04-10 02:37 . 2009-12-03 02:37 0 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\prvlcl.dat
2010-03-30 18:00 . 2006-02-22 14:27 -------- d-----w- c:\program files\Common Files\Java
2010-03-30 17:58 . 2010-03-30 17:58 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-193ec13a-n\msvcp71.dll
2010-03-30 17:58 . 2010-03-30 17:58 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-193ec13a-n\jmc.dll
2010-03-30 17:58 . 2010-03-30 17:58 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-16bf1b4b-n\decora-sse.dll
2010-03-30 17:58 . 2010-03-30 17:58 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-193ec13a-n\msvcr71.dll
2010-03-30 17:58 . 2010-03-30 17:58 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-16bf1b4b-n\decora-d3d.dll
2010-03-30 17:57 . 2006-02-22 14:27 -------- d-----w- c:\program files\Java
2010-03-30 13:52 . 2007-07-14 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-30 13:51 . 2008-08-27 04:14 -------- d-----w- c:\program files\Lavasoft
2010-03-28 14:00 . 2007-08-16 01:58 -------- d-----w- c:\program files\Azureus
2010-03-26 01:51 . 2007-08-16 01:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2010-03-21 11:04 . 2008-05-12 21:44 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DVD Flick
2010-03-15 13:12 . 2010-03-15 13:12 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-15 13:12 . 2010-03-15 13:12 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-15 13:12 . 2010-03-15 13:12 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-15 13:12 . 2009-08-22 21:39 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-15 13:12 . 2009-08-22 21:39 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 13:12 . 2009-08-22 21:39 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-13 02:17 . 2008-04-03 01:04 -------- d-----w- c:\program files\Safari
2010-03-13 02:13 . 2010-03-13 02:13 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-12 00:41 . 2010-03-12 00:41 -------- d-----w- c:\program files\Common Files\gst
2010-03-12 00:41 . 2010-03-12 00:41 -------- d-----w- c:\program files\greenstreet
2010-03-12 00:41 . 2006-02-22 14:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 08:28 . 2008-11-01 18:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 21:56 . 2008-05-12 21:44 -------- d-----w- c:\program files\DVD Flick
2010-02-26 02:49 . 2008-05-23 01:52 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Vso
2010-02-06 01:10 . 2010-02-06 01:10 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-12 17:16 . 2010-01-12 17:16 91136 ---ha-w- c:\windows\system32\mlfcache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-11 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-09 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 102400]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 13:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KITCO

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 13:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 00:19 77312 ----a-w- c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2005-11-11 21:11 1064960 ----a-w- c:\program files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2005-11-11 21:10 61440 ----a-w- c:\program files\DISC\DISCUpdateMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
2005-11-01 10:01 90112 ----a-w- c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-11 23:31 133104 ----atw- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-07-18 21:55 451872 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 03:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-27 05:05 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44057:TCP"= 44057:TCP:vuse

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
R3 ATIXPGAA;ATIXPGAA;c:\program files\PC-Doctor 5 for Windows\ATIXPGAA.SYS [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-02 717296]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-15 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-15 242696]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 21:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 19:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2010-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 03:17]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 03:17]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1456386107-3764052208-3861981028-1008Core.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 23:31]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1456386107-3764052208-3861981028-1008UA.job
- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 23:31]

2010-04-11 c:\windows\Tasks\HP Usg Login.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2006-03-28 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: Add to AMV Convert Tool...
IE: Add to EverNote - c:\program files\EverNote\EverNote\enbar.dll/2000
IE: Add to Media Manager...
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\CavEmLSP.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2vhnt0u0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\2vhnt0u0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\CavEmLSP.dll
.
Completion time: 2010-04-11 16:39:20
ComboFix-quarantined-files.txt 2010-04-11 20:39
ComboFix2.txt 2008-08-17 01:44

Pre-Run: 76,881,342,464 bytes free
Post-Run: 78,594,052,096 bytes free

- - End Of File - - 9FC56AA4D037740454E7F5806168E617


Odd additional browser windows open when I click on links (sometimes). When I clicked to come to bleepingcomputer, an additional window opened with a url for feed.genieknowsdotcom.

Again, thank you so much for all your help.
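
The entries under `[HKEY_LOCAL_MACHINE\software\microsoft\security center]` and `...\firewallpolicy\standardprofile` in the log above (AntiVirusOverride=1, DisableMonitoring=1, EnableFirewall=0) are the values that decide whether Windows XP's Security Center warns about a missing antivirus or firewall and whether the built-in firewall is on at all. Legitimate AV suites and rogue "security" products alike set them, so they are the first thing to read in a ComboFix dump. As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage script that pulls those entries, the firewall exceptions and the globally opened ports out of a ComboFix "Reg Loading Points" section. The sample input is copied from the log above; the severity labels and the `triage`/`parse_value` names are this example's own choices.

```python
"""Offline triage of a ComboFix 'Reg Loading Points' dump for settings that
switch off Windows XP's own defences.  Added example, not ComboFix's code;
the SAMPLE_LOG lines are copied from the log posted in this thread."""
import re

# Constructed sample: the Security Center and firewall entries from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"44057:TCP"= 44057:TCP:vuse
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")          # [HKLM\...] key header
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')   # "Name"=value


def parse_value(raw):
    """Normalise the value notations ComboFix prints: dword:XXXXXXXX,
    '0 (0x0)', an empty value (firewall exception) or free text."""
    raw = raw.strip()
    if raw == "":
        return None
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return raw


def triage(log_text):
    """Return (severity, message) tuples for defence-weakening entries."""
    findings = []
    section = None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m or section is None:
            continue
        # ComboFix doubles backslashes in value names; undo that for display.
        name, value = m.group(1).replace("\\\\", "\\"), parse_value(m.group(2))
        leaf = section.rsplit("\\", 1)[-1]
        if name == "AntiVirusOverride" and value == 1:
            findings.append(("HIGH", "Security Center antivirus status alerts suppressed"))
        elif name == "DisableMonitoring" and value == 1:
            scope = "all products" if leaf == "monitoring" else leaf
            findings.append(("HIGH", f"Security Center monitoring disabled ({scope})"))
        elif name == "EnableFirewall" and value == 0:
            findings.append(("HIGH", f"Windows Firewall disabled ({leaf})"))
        elif section.endswith("authorizedapplications\\list"):
            findings.append(("INFO", f"Firewall exception for {name}"))
        elif section.endswith("globallyopenports\\list"):
            findings.append(("INFO", f"Firewall port opened: {value}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run it against a full ComboFix.txt and the three HIGH findings above come out first; the INFO lines are there because a long list of firewall exceptions for peer-to-peer clients, as in this log, is worth knowing about when deciding how the machine got infected in the first place.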

#9 thewall
  • Malware Response Team
  • Location:Florida

Posted 11 April 2010 - 05:15 PM

You're welcome Lynn! smile.gif


We really need to get a GMER scan. I want you to disable your AVG as well as anything like Windows Defender or Spybot TeaTimer if you have them on your computer. Instructions can be found at the link below:

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/



Next delete any version of GMER you may have on your desktop and download one from below. Uncheck the things I have in the following instructions and let's see if we have any luck.
Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you.

#10 lgardinor
  • Topic Starter
  • Members

Posted 12 April 2010 - 07:31 AM

I tried to run this in normal mode but it caused reboots each time. These are the results from safe mode. Oh, still weird additional windows opening. This morning's window was for google-analyticsdotcom.

Thanks again.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-12 08:21:47
Windows 5.1.2600 Service Pack 3
Running: piobz0qw.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kfddipog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Cdfs \Cdfs B9AD2400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0xC9 0xDF 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1E 0xC9 0xDF 0xFC ...

---- EOF - GMER 1.0.15 ----

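The AttachedDevice lines in the GMER log above list the filter drivers sitting on the TCP/IP and keyboard device stacks, which is exactly where a network sniffer or a keylogger would attach; here both are accounted for (AVG's network watcher on \Device\Tcp, \Device\Udp, \Device\Ip and \Device\RawIp, Microsoft's PS/2 keyboard filter on KeyboardClass0/1). As an added example that is not part of this thread and not GMER's own code, here is a Python parser for that section which reports every filter on those stacks and flags the ones whose publisher is missing or unexpected. The expected-publisher set is an assumption for this particular machine, and the `xyzkbd.sys` line in the sample is constructed to exercise the no-publisher case; everything else in the sample is copied from the log above.

```python
"""Triage the 'Devices' section of a GMER log: which filter drivers are
attached to device stacks that see keystrokes or network traffic, and
whether their publisher is one we expect.  Added example, not GMER's code;
the real lines below are copied from the log posted in this thread and the
xyzkbd.sys line is constructed to show the no-publisher case."""
import re

SAMPLE_GMER = r"""
---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 xyzkbd.sys
Device \FileSystem\Cdfs \Cdfs B9AD2400
"""

# AttachedDevice <owning driver> <device object> <filter image> (<description>/<publisher>)
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\\Driver\\\S+)\s+(?P<device>\\Device\\\S+)"
    r"\s+(?P<image>\S+)(?:\s+\((?P<info>.*)\))?$"
)

# Device stacks worth a second look when an unfamiliar filter sits on them.
SENSITIVE = {
    "KeyboardClass": "keystrokes",
    "Ip": "network traffic", "Tcp": "network traffic",
    "Udp": "network traffic", "RawIp": "network traffic",
}
# Assumption for this example: the publishers legitimately present on the
# machine in the thread (Windows itself and AVG).  Adjust per host.
EXPECTED_PUBLISHERS = {"Microsoft Corporation", "AVG Technologies CZ, s.r.o."}


def parse_devices(log_text):
    """Parse AttachedDevice lines into dicts.  GMER prints nothing in
    parentheses when it cannot read the image's version resource."""
    entries = []
    for line in log_text.splitlines():
        m = ATTACHED_RE.match(line.strip())
        if not m:
            continue
        info = m.group("info")
        desc = publisher = None
        if info is not None:
            # The publisher follows the last '/', so 'PS/2' in a description is safe.
            if "/" in info:
                desc, publisher = info.rsplit("/", 1)
            else:
                desc = info
        entries.append({"driver": m.group("driver"), "device": m.group("device"),
                        "image": m.group("image"), "description": desc,
                        "publisher": publisher})
    return entries


def triage(log_text):
    """Return (severity, message) tuples for filters on sensitive stacks."""
    findings = []
    for e in parse_devices(log_text):
        # \Device\KeyboardClass0 -> KeyboardClass, \Device\Tcp -> Tcp
        stack = re.sub(r"\d+$", "", e["device"].rsplit("\\", 1)[-1])
        what = SENSITIVE.get(stack)
        if what is None:
            continue
        where = f'{e["image"]} on {e["device"]} ({what})'
        if e["publisher"] is None:
            findings.append(("HIGH", f"{where}: no version/publisher info, inspect the file"))
        elif e["publisher"] not in EXPECTED_PUBLISHERS:
            findings.append(("MEDIUM", f'{where}: unexpected publisher {e["publisher"]}'))
        else:
            findings.append(("INFO", f'{where}: {e["publisher"]}'))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_GMER):
        print(f"[{severity}] {message}")
```

A publisher string read from a version resource is not a signature check: anything can claim to be "Microsoft Corporation". The script only ranks what to look at first; the flagged file still has to be hashed, checked against the catalog signature, and compared with the on-disk copy.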

#11 thewall
  • Malware Response Team
  • Location:Florida

Posted 12 April 2010 - 11:21 AM

That didn't show anything. Let's try another one:

  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.


#12 lgardinor
  • Topic Starter
  • Members

Posted 12 April 2010 - 05:45 PM

Here is a SAFE MODE run:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/04/12 12:48
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBA0C5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9C51000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


Here is a NORMAL MODE run:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/04/12 13:39
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAB86E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA65C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7E41000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\hp_administrator\local settings\temp\perflib_perfdata_e6c.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OLIJW1MZ
Status: Visible to the Windows API, but not on disk.

==EOF==


Thanks so much!

#13 thewall
  • Malware Response Team
  • Location:Florida

Posted 12 April 2010 - 06:10 PM

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.


#14 lgardinor
  • Topic Starter
  • Members

Posted 12 April 2010 - 08:48 PM

21:45:03:875 2992 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
21:45:03:875 2992 ================================================================================
21:45:03:875 2992 SystemInfo:

21:45:03:875 2992 OS Version: 5.1.2600 ServicePack: 3.0
21:45:03:875 2992 Product type: Workstation
21:45:03:875 2992 ComputerName: XPOSURE
21:45:03:875 2992 UserName: HP_Administrator
21:45:03:875 2992 Windows directory: C:\WINDOWS
21:45:03:875 2992 Processor architecture: Intel x86
21:45:03:875 2992 Number of processors: 2
21:45:03:875 2992 Page size: 0x1000
21:45:03:875 2992 Boot type: Normal boot
21:45:03:875 2992 ================================================================================
21:45:03:890 2992 UnloadDriverW: NtUnloadDriver error 2
21:45:03:890 2992 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:45:03:921 2992 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
21:45:03:921 2992 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:45:03:921 2992 wfopen_ex: Trying to KLMD file open
21:45:03:921 2992 wfopen_ex: File opened ok (Flags 2)
21:45:03:921 2992 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
21:45:03:921 2992 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:45:03:921 2992 wfopen_ex: Trying to KLMD file open
21:45:03:921 2992 wfopen_ex: File opened ok (Flags 2)
21:45:03:921 2992 Initialize success
21:45:03:921 2992
21:45:03:921 2992 Scanning Services ...
21:45:04:421 2992 Raw services enum returned 390 services
21:45:04:437 2992
21:45:04:437 2992 Scanning Kernel memory ...
21:45:04:437 2992 Devices to scan: 11
21:45:04:437 2992
21:45:04:437 2992 Driver Name: Disk
21:45:04:437 2992 IRP_MJ_CREATE : BA10EBB0
21:45:04:437 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:45:04:437 2992 IRP_MJ_CLOSE : BA10EBB0
21:45:04:437 2992 IRP_MJ_READ : BA108D1F
21:45:04:437 2992 IRP_MJ_WRITE : BA108D1F
21:45:04:437 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
21:45:04:437 2992 IRP_MJ_SET_INFORMATION : 804F4562
21:45:04:437 2992 IRP_MJ_QUERY_EA : 804F4562
21:45:04:437 2992 IRP_MJ_SET_EA : 804F4562
21:45:04:437 2992 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:45:04:437 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:45:04:437 2992 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
21:45:04:437 2992 IRP_MJ_DIRECTORY_CONTROL : 804F4562
21:45:04:437 2992 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
21:45:04:437 2992 IRP_MJ_DEVICE_CONTROL : BA1093BB
21:45:04:437 2992 IRP_MJ_INTERNAL_DEVICE_CONTROL : BA10CF28
21:45:04:437 2992 IRP_MJ_SHUTDOWN : BA1092E2
21:45:04:437 2992 IRP_MJ_LOCK_CONTROL : 804F4562
21:45:04:437 2992 IRP_MJ_CLEANUP : 804F4562
21:45:04:437 2992 IRP_MJ_CREATE_MAILSLOT : 804F4562
21:45:04:437 2992 IRP_MJ_QUERY_SECURITY : 804F4562
21:45:04:437 2992 IRP_MJ_SET_SECURITY : 804F4562
21:45:04:437 2992 IRP_MJ_POWER : BA10AC82
21:45:04:437 2992 IRP_MJ_SYSTEM_CONTROL : BA10F99E
21:45:04:437 2992 IRP_MJ_DEVICE_CHANGE : 804F4562
21:45:04:437 2992 IRP_MJ_QUERY_QUOTA : 804F4562
21:45:04:437 2992 IRP_MJ_SET_QUOTA : 804F4562
21:45:04:453 2992 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
21:45:04:453 2992
21:45:04:453 2992 Driver Name: Disk
21:45:04:453 2992 IRP_MJ_CREATE : BA10EBB0
21:45:04:453 2992 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
21:45:04:453 2992 IRP_MJ_CLOSE : BA10EBB0
21:45:04:453 2992 IRP_MJ_READ : BA108D1F
21:45:04:453 2992 IRP_MJ_WRITE : BA108D1F
21:45:04:453 2992 IRP_MJ_QUERY_INFORMATION : 804F4562
21:45:04:453 2992 IRP_MJ_SET_INFORMATION : 804F4562
21:45:04:453 2992 IRP_MJ_QUERY_EA : 804F4562
21:45:04:453 2992 IRP_MJ_SET_EA : 804F4562
21:45:04:453 2992 IRP_MJ_FLUSH_BUFFERS : BA1092E2
21:45:04:453 2992 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
21:45:04:515 2992 Completed
21:45:04:515 2992
21:45:04:515 2992 Results:
21:45:04:515 2992 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
21:45:04:515 2992 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:45:04:515 2992 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:45:04:515 2992
21:45:04:515 2992 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
21:45:04:515 2992 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
21:45:04:515 2992 KLMD(ARK) unloaded successfully


#15 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:16 PM

Posted 12 April 2010 - 09:45 PM

We may have to go to something different, but first try the following:


I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper


Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you



