Generic Host Process for Win32 Services Error


7 replies to this topic

#1 nathan1el

nathan1el

  • Members
  • 5 posts

Posted 26 October 2010 - 09:39 PM

For the past 3 days, I've been having the error where, after my computer has been on for a while, a pop-up appears saying "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." After it pops up my computer slowly gets slower and slower (in ~2 hours it'll usually completely freeze) and I can't open anything like iTunes, Firefox, Word, etc., and I've tried like 5+ fixes for this, but nothing works and it's becoming a pain since I need the Internet for all my homework.

My operating system is "Microsoft Windows XP, Media Center Edition, Version 2002, Service Pack 3"

ComboFix didn't work for me either :s but here's my ComboFix log:


ComboFix 10-10-25.04 - HP_Administrator 6/2010 Tue 20:43:23.6.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.3006.2734 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.

2010-10-24 22:17 . 2010-10-24 22:17 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-24 16:05 . 2010-10-24 16:05 389120 ----a-w- c:\windows\system32\CF19784.exe
2010-10-24 06:30 . 2010-10-24 06:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-10-24 06:17 . 2010-10-24 06:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-10-24 06:15 . 2010-10-24 06:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Trend Micro
2010-10-17 02:31 . 2010-10-17 02:31 -------- d-----w- c:\program files\iPod
2010-10-17 02:23 . 2010-10-17 02:23 -------- d-----w- c:\program files\Bonjour
2010-10-13 22:50 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 22:50 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 22:50 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-06 02:15 . 2010-10-06 02:16 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PeeringPortal
2010-10-06 02:10 . 2010-10-06 02:15 12349344 ----a-w- c:\windows\system32\WebPlayerSetup.exe
2010-10-06 02:01 . 2010-10-06 02:15 -------- d-----w- c:\program files\Mnet P3Modules
2010-10-06 02:00 . 2010-10-06 18:37 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Abacast
2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\dvdcss

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-21 19:09 . 2009-03-10 00:41 192512 ----a-w- c:\windows\system32\kdfvmgr.exe
2010-10-21 19:09 . 2009-03-10 00:41 77824 ----a-w- c:\windows\system32\kdfapi.dll
2010-10-21 19:09 . 2009-03-10 00:41 53248 ----a-w- c:\windows\system32\Kdfhok.dll
2010-10-21 19:09 . 2009-03-10 00:41 640352 ----a-w- c:\windows\system32\kdfmgr.exe
2010-09-18 17:23 . 2009-03-07 14:15 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-03-07 14:15 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-03-07 14:15 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-03-07 14:15 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2009-03-07 14:17 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2009-03-07 14:15 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2009-03-07 14:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2009-03-07 14:14 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 15:57 . 2009-03-07 14:15 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2009-03-07 14:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-03-07 14:17 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-03-07 14:17 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-03-07 14:16 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-03-07 14:16 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-24 01:35 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-03-07 14:14 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-03-07 14:16 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2009-03-07 14:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-02 07:38 . 2010-08-02 07:38 53248 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-07-30 17:29 . 2009-03-10 00:35 249424 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-07-30 17:29 . 2009-03-10 00:35 36432 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-07-30 17:06 . 2009-03-10 00:35 1331512 ----a-w- c:\windows\system32\drivers\vsapint.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrendSecure Remote File Lock"="c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe" [2009-09-21 329040]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\82b5e0b2-324b-4826-af2a-72e35f83b2af.exe" [2009-03-23 1830128]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-02-28 2815488]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-04 2937528]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-03-28 3325952]
"Logitech Vid"="c:\program files\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
"Logitech Vid HD"="c:\program files\Logitech\Vid\vid.exe" [2010-05-11 6061400]
"pinomate"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\PeeringPortal\Pino\pinomate.exe" [2010-08-13 49512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-21 995528]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"nwiz"="nwiz.exe" [2009-05-01 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 65536]
"WindowsLivePhone"="c:\program files\Windows Live\Device Manager\msgrdvmn.exe" [2008-12-22 787816]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2010-9-1 142336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-31 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2006-04-07 01:50 65536 ----a-w- c:\program files\DISC\DISCUpdMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 03:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxcrcoms.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Trend Micro\\TrendSecure\\TSCFCommander.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\mnetasvr.exe"=
"c:\\WINDOWS\\system32\\mnetvsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\PeeringPortal\\Pino\\pino.exe"=
"c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\PeeringPortal\\Pino\\pinoupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"57696:TCP"= 57696:TCP:Pando Media Booster
"57696:UDP"= 57696:UDP:Pando Media Booster
"58254:TCP"= 58254:TCP:Pando Media Booster
"58254:UDP"= 58254:UDP:Pando Media Booster
"58815:TCP"= 58815:TCP:Pando Media Booster
"58815:UDP"= 58815:UDP:Pando Media Booster
"56187:TCP"= 56187:TCP:Pando Media Booster
"56187:UDP"= 56187:UDP:Pando Media Booster
"56364:TCP"= 56364:TCP:Pando Media Booster
"56364:UDP"= 56364:UDP:Pando Media Booster
"1035:TCP"= 1035:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [3/23/2009 2:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [3/23/2009 2:07 PM 72944]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/7/2009 9:16 AM 14336]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [1/8/2010 6:42 PM 285744]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [3/9/2009 7:37 PM 181584]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/9/2009 7:36 PM 50256]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [3/9/2009 7:37 PM 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/9/2009 7:35 PM 36432]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/9/2009 7:37 PM 677128]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [3/23/2009 2:07 PM 7408]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [3/9/2009 7:35 PM 335376]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [3/10/2009 6:34 PM 132608]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [3/10/2009 6:34 PM 79104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva225;XDva225;\??\c:\windows\system32\XDva225.sys --> c:\windows\system32\XDva225.sys [?]
S3 XDva269;XDva269;\??\c:\windows\system32\XDva269.sys --> c:\windows\system32\XDva269.sys [?]
S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva285;XDva285;\??\c:\windows\system32\XDva285.sys --> c:\windows\system32\XDva285.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-10-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} - hxxp://s.nx.com/activex/public_new/nxpm.cab
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20100303.cab
DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} - hxxp://platform.nx.com/activex/ahnlab/mkdplus.cab
DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} - hxxp://ssl.makeshop.co.kr/ssl/MSecure.cab
DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} - hxxp://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=LpWZ5idS&q=
FF - prefs.js: network.proxy.ftp - 69.117.43.23
FF - prefs.js: network.proxy.gopher - 69.117.43.23
FF - prefs.js: network.proxy.http - 69.117.43.23
FF - prefs.js: network.proxy.socks - 69.117.43.23
FF - prefs.js: network.proxy.ssl - 69.117.43.23
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\plugins\npAbacast.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\plugins\NPAbacheck.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\PeeringPortal\Pino\np-mswmp.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\PeeringPortal\Pino\nppcubecastclient.dll
FF - plugin: c:\documents and settings\HP_Administrator\Local Settings\Application Data\PeeringPortal\Pino\nppinomate.dll
FF - plugin: c:\program files\Common Files\GRETECH\npgomtvx_nie.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\windows\nppcubeloader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=LpWZ5idS&q=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-26 21:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net
Windows 5.1.2600

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AF38446]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AF65AB8]
2 ntkrnlpa[0x804EF1A6] -> CLASSPNP.SYS[0xB8108FD7] -> \Device\Harddisk0\DR0[0x8AF65AB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000086[0x8AFBCE98]
4 ntkrnlpa[0x804EF1A6] -> ACPI.sys[0xB7F7F620] -> \Device\00000086[0x8AFBCE98]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AECB940]
\Driver\atapi[0x8AFC32E0] -> IRP_MJ_CREATE -> 0x8AF38446
6 ntkrnlpa[0x804EF1A6] -> UNKNOWN[0x8AF38449] -> [0x8AECB940]
error: Read \Device\Ide\IdePort0 The system cannot find the file specified.
kernel: MBR read successfully
detected hooks:
\Device\Ide\IdeDeviceP2T0L0-5 -> \??\IDE#DiskWDC_WD2000JS-60NCB1_____________________10.02E02#5&24a390b2&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi DriverStartIo -> 0x8AF38292
\Driver\atapi -> atapi.sys @ 0xb7f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7e1dbb0
PacketIndicateHandler -> NDIS.sys @ 0xb7e2aa21
SendHandler -> NDIS.sys @ 0xb7e0887b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1376)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1436)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\WININET.dll
c:\windows\system32\logishrd\LVPrcInj01.dll
c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEHook.dll
c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FileLock.dll
c:\program files\Trend Micro\TrendSecure\RemoteFileLock\FileLockUI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\conime.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
c:\windows\ARPWRMSG.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\lxcrcoms.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
c:\program files\Trend Micro\TrendSecure\TSCFCommander.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-10-26 21:26:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-27 02:25
ComboFix2.txt 2010-10-24 18:42
ComboFix3.txt 2010-05-06 21:53
ComboFix4.txt 2010-05-03 22:32
ComboFix5.txt 2010-10-26 22:13

Pre-Run: 12,184,461,312 bytes free
Post-Run: 9,438,773,248 bytes free

- - End Of File - - 9B2A69186DBE17949AFB8313CA472A19



EDIT: Posts merged ~BP

Edited by nathan1el, 27 October 2010 - 05:05 PM.
Moved from Windows Xp to a more appropriate forum as a CF log is included. ~Pandy
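A small triage script, added here as an example and not part of ComboFix, OTL or any post in this thread: it reads log lines in the format shown above and pulls out the indicators a helper looks for first when reading such a log, namely Firefox proxy settings that point every protocol at one fixed host, an explicit keyword.URL or browser.search.defaulturl override, and executables that run from temp or per-user application-data folders. The sample lines, hostnames and paths inside it are constructed to match the log format and are not copied from the machine in this thread.

```python
"""Triage helper for ComboFix/OTL-style log excerpts (added example, not a ComboFix or OTL component)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# ComboFix writes URLs as hxxp:// so they are not clickable; the refang below is for parsing only.
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<key>\S+) - (?P<value>.+)$")
PROXY_HOST_RE = re.compile(r"^network\.proxy\.(?:http|ssl|ftp|socks|gopher)$")
SEARCH_KEYS = ("keyword.URL", "browser.search.defaulturl")

# A Windows path ending in .exe, terminated by a quote, whitespace, '[' or end of line.
EXE_PATH_RE = re.compile(r'[a-zA-Z]:\\[^"\[\]<>|]+?\.exe(?=["\s\[]|$)', re.IGNORECASE)
# Folders from which legitimately installed autostart programs are rarely launched.
SUSPICIOUS_DIRS = (
    "\\local settings\\temp\\",
    "\\temp\\",
    "\\application data\\microsoft\\windows\\",
)


@dataclass
class Findings:
    proxy_hosts: set = field(default_factory=set)
    proxy_enabled: bool = False
    search_overrides: list = field(default_factory=list)  # (pref key, host)
    odd_executables: list = field(default_factory=list)   # normalized lower-case paths


def refang(url: str) -> str:
    """Turn ComboFix's hxxp:// back into http:// so urlparse can read the host."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def analyze(lines):
    """Scan log lines and collect the three indicator classes into a Findings object."""
    f = Findings()
    for raw in lines:
        line = raw.strip()
        m = FF_PREF_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value").strip()
            if PROXY_HOST_RE.match(key):
                f.proxy_hosts.add(value)
            elif key == "network.proxy.type" and value == "1":
                f.proxy_enabled = True          # 1 = manual proxy configuration
            elif key in SEARCH_KEYS:
                host = urlparse(refang(value)).hostname or value
                f.search_overrides.append((key, host))
            continue
        for path in EXE_PATH_RE.findall(line):
            # The firewall AuthorizedApplications list doubles its backslashes.
            norm = path.replace("\\\\", "\\").lower()
            if any(d in norm for d in SUSPICIOUS_DIRS) and norm not in f.odd_executables:
                f.odd_executables.append(norm)
    return f


def summarize(f: Findings) -> list:
    """Plain-language notes a helper could paste into a reply."""
    notes = []
    if f.proxy_enabled and f.proxy_hosts:
        notes.append("Firefox forces all traffic through a proxy at " + ", ".join(sorted(f.proxy_hosts)))
    for key, host in f.search_overrides:
        notes.append(f"Firefox {key} redirects searches to {host}")
    for p in f.odd_executables:
        notes.append(f"Executable running from a temp/app-data folder: {p}")
    return notes


# Constructed sample lines in ComboFix/OTL format (not the real log from this thread).
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.example.invalid/search/?q=
FF - prefs.js: network.proxy.http - 192.0.2.10
FF - prefs.js: network.proxy.ssl - 192.0.2.10
FF - prefs.js: network.proxy.type - 1
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
PRC - [2010/11/06 13:43:59 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\temp\dwm.exe
PRC - [2010/11/06 13:43:48 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Windows\shell.exe
""".strip().splitlines()

if __name__ == "__main__":
    for note in summarize(analyze(SAMPLE_LOG)):
        print("-", note)
```

Run it against a saved ComboFix or OTL log with `analyze(open("log.txt", encoding="utf-8", errors="replace"))`; the path check is deliberately a short allow-nothing list of folders rather than a signature database, so every hit still needs a human look, but it surfaces the per-user-folder executables and the browser proxy lines that are easy to miss in a thousand-line log.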



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 05 November 2010 - 08:10 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 nathan1el

nathan1el
  • Topic Starter

  • Members
  • 5 posts

Posted 07 November 2010 - 04:11 PM

I'm happy someone finally replied, thank you!

What's happening is that my computer will boot up, and it seems perfectly fine. It's a bit slow at first since it's about ~4 years old, but that's normal I guess? I usually open iTunes, Firefox and MSN Messenger when I'm on my computer, and while I'm working online I will get a pop-up within 15 minutes to 2 hours that says: "Generic Host Process for Win32 has encountered an error and needs to shut down" and I'll be able to submit an error report or not. It will seem fine, but about 2 minutes later Firefox will crash and MSN will log me out and my operating system will flash to like an "older version" (gray/blocky.. idk how to describe it exactly, sorry). I won't be able to reconnect to Firefox or open anything up again after it happens, and the only thing I can do is manually restart my computer only to have it happen again and again.

I've used Malware Bytes and SuperAntiSpyware normally and in Safe Mode and it hasn't worked. I also tried ComboFix, didn't work. I tried System Restoring back a few weeks, didn't work. I've tried about 5 different solutions off of Google that people said would work, but nothing has worked so far. I tried taking it into the GeekSquad, but it would cost $200 USD to fix it and I don't have that much to spend right now.


The scans:

OTL logfile created on: 11/7/2010 1:26:22 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 33.17 Gb Free Space | 18.65% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 1.19 Gb Free Space | 14.14% Space Free | Partition Type: FAT32
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/07 13:25:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/11/06 13:43:59 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\temp\dwm.exe
PRC - [2010/11/06 13:43:48 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Windows\shell.exe
PRC - [2010/10/31 11:52:27 | 000,050,208 | ---- | M] (Peering Portal, Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PeeringPortal\Pino\pinomate.exe
PRC - [2010/10/31 11:51:21 | 000,100,872 | ---- | M] () -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2010/10/31 11:51:02 | 000,100,872 | ---- | M] () -- C:\Program Files\DNA\btdna.exe
PRC - [2010/10/27 20:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files\Last.fm\LastFM.exe
PRC - [2010/10/27 00:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 00:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/24 01:10:52 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper .exe
PRC - [2010/09/24 01:10:48 | 009,777,448 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/09/01 11:44:28 | 000,142,336 | ---- | M] () -- C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
PRC - [2010/08/13 12:08:46 | 000,033,056 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/08/09 23:00:42 | 000,013,088 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
PRC - [2010/05/13 13:56:12 | 000,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2010/05/11 15:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid\Vid .exe
PRC - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 17:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 17:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 17:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/03/03 18:04:24 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB .exe
PRC - [2010/02/28 12:44:26 | 002,815,488 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP .exe
PRC - [2010/01/08 17:42:42 | 000,285,744 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/01/08 17:42:40 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/10/20 18:50:10 | 000,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/09/20 18:24:52 | 000,329,040 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe
PRC - [2009/09/03 19:07:28 | 000,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/09/03 18:51:40 | 000,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/03/24 18:09:36 | 000,169,296 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
PRC - [2009/03/23 13:07:24 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\82b5e0b2-324b-4826-af2a-72e35f83b2af .exe
PRC - [2009/03/10 18:33:43 | 000,288,368 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2009/03/10 18:33:43 | 000,124,536 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2009/03/03 02:46:13 | 000,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2009/02/06 16:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/08/14 05:08:59 | 000,181,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/13 04:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler .exe
PRC - [2006/02/06 23:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint .exe
PRC - [2006/02/02 21:11:22 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2006/01/22 11:45:08 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon .exe
PRC - [2005/08/02 18:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe


========== Modules (SafeList) ==========

MOD - [2010/11/07 13:25:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\System32\wuauserv.dll -- (wuauserv)
SRV - [2010/09/22 19:40:16 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/01/08 17:42:42 | 000,285,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/01/08 17:42:40 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/10/20 18:50:10 | 000,711,248 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/09/03 19:07:28 | 000,497,008 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/09/03 18:51:40 | 000,677,128 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2009/03/16 18:39:00 | 002,800,669 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/03/10 18:33:43 | 000,288,368 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/03/03 02:46:13 | 000,341,256 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/08/14 05:08:59 | 000,181,584 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe -- (Security Activity Dashboard Service)
SRV - [2006/02/02 21:11:22 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2005/08/02 18:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva327.sys -- (XDva327)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva285.sys -- (XDva285)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva281.sys -- (XDva281)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva277.sys -- (XDva277)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva269.sys -- (XDva269)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva225.sys -- (XDva225)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\kffv.sys -- (wlemx)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Documents and Settings\HP_Administrator\My Documents\v55\TranquilityStory\npkcrypt.sys -- (npkcrypt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\neokdss.sys -- (neokdss)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/30 11:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010/07/30 11:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010/07/30 11:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2010/07/05 09:20:02 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/05 09:19:56 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/05 09:19:50 | 000,154,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/05/07 17:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/05/07 12:53:30 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/07 12:53:14 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C310(UVC)
DRV - [2010/05/07 12:51:32 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/07 12:51:20 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/01/08 17:42:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/05/11 19:30:00 | 000,132,608 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/04/30 21:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/03/23 13:07:28 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/23 13:07:26 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/23 13:07:26 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/07 10:56:44 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2009/03/03 17:12:44 | 000,080,400 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/03/03 03:08:15 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/02/11 11:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/17 09:32:00 | 000,079,104 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/03/03 16:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 16:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 12:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 12:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 12:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/10 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370



IE - HKU\S-1-5-21-613112609-3120048447-693283946-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-613112609-3120048447-693283946-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-613112609-3120048447-693283946-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-613112609-3120048447-693283946-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-613112609-3120048447-693283946-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-613112609-3120048447-693283946-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: textlinks@playsushi.com:1.2.1
FF - prefs.js..keyword.URL: "http://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=LpWZ5idS&q="
FF - prefs.js..network.proxy.backup.ftp: "69.117.43.23"
FF - prefs.js..network.proxy.backup.ftp_port: 8231
FF - prefs.js..network.proxy.backup.gopher: "69.117.43.23"
FF - prefs.js..network.proxy.backup.gopher_port: 8231
FF - prefs.js..network.proxy.backup.socks: "69.117.43.23"
FF - prefs.js..network.proxy.backup.socks_port: 8231
FF - prefs.js..network.proxy.backup.ssl: "69.117.43.23"
FF - prefs.js..network.proxy.backup.ssl_port: 8231
FF - prefs.js..network.proxy.ftp: "69.117.43.23"
FF - prefs.js..network.proxy.gopher: "69.117.43.23"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "69.117.43.23"
FF - prefs.js..network.proxy.ssl: "69.117.43.23"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1

FF - user.js..keyword.URL: "http://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=LpWZ5idS&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2010/06/01 14:21:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/06 11:51:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 23:15:52 | 000,000,000 | ---D | M]

[2009/10/28 16:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/10/28 16:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2009/05/26 08:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/06 14:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\extensions
[2010/10/23 14:43:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/23 13:37:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2010/10/23 13:37:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(2)
[2010/10/24 13:34:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/23 13:37:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(2)
[2010/10/24 17:26:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/23 13:37:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010/05/16 12:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\extensions\textlinks@playsushi.com
[2010/02/14 12:49:13 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\searchplugins\aim-search.xml
[2010/08/18 15:11:20 | 000,002,197 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\gvhf2bjp.default\searchplugins\google-search.xml
[2010/11/06 14:51:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/03 18:04:21 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010/08/18 15:11:20 | 000,002,197 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-search.xml

O1 HOSTS File: ([2010/10/26 19:59:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-613112609-3120048447-693283946-1007\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-613112609-3120048447-693283946-1007\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [svchost] C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\svchost.exe File not found
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKLM..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe ()
O4 - HKU\.DEFAULT..\Run: [xslidwwb] C:\WINDOWS\temp\jwmuivwde\cejknbgtsbl.exe ()
O4 - HKU\S-1-5-18..\Run: [xslidwwb] C:\WINDOWS\temp\jwmuivwde\cejknbgtsbl.exe ()
O4 - HKU\S-1-5-21-613112609-3120048447-693283946-1007..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe ()
O4 - HKU\S-1-5-21-613112609-3120048447-693283946-1007..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE ()
O4 - HKU\S-1-5-21-613112609-3120048447-693283946-1007..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe ()
O4 - HKU\S-1-5-21-613112609-3120048447-693283946-1007..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid\Vid.exe ()
O4 - HKU\S-1-5-21-613112609-3120048447-693283946-1007..\Run: [Logitech Vid HD] C:\Program Files\Logitech\Vid\vid.exe ()
O4 - HKU\S-1-5-21-613112609-3120048447-693283946-1007..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-613112609-3120048447-693283946-1007..\Run: [pinomate] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PeeringPortal\Pino\pinomate.exe (Peering Portal, Inc.)
O4 - HKU\S-1-5-21-613112609-3120048447-693283946-1007..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\82b5e0b2-324b-4826-af2a-72e35f83b2af.exe ()
O4 - HKU\S-1-5-21-613112609-3120048447-693283946-1007..\Run: [TrendSecure Remote File Lock] C:\Program Files\Trend Micro\TrendSecure\RemoteFileLock\FLMain.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-613112609-3120048447-693283946-1007..\Run: [WindowsLivePhone] C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [dIcNe00904] C:\Documents and Settings\All Users\Application Data\dIcNe00904\dIcNe00904.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [dIcNe00904] C:\Documents and Settings\All Users\Application Data\dIcNe00904\dIcNe00904.exe ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = C:\Program Files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe ()
F3 - HKU\S-1-5-21-613112609-3120048447-693283946-1007 WinNT: Load - (C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\dwm.exe) - C:\Documents and Settings\HP_Administrator\Local Settings\temp\dwm.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-613112609-3120048447-693283946-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-613112609-3120048447-693283946-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-613112609-3120048447-693283946-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-613112609-3120048447-693283946-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} http://s.nx.com/activex/public_new/nxpm.cab (Nexon Package Manager Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236449486093 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} http://patch.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2_20100303.cab (MnetHelper6 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1D886C6-4039-4451-97A9-515F5BE5D4C2} http://platform.nx.com/activex/ahnlab/mkdplus.cab (mkdplusCtrl Class)
O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop.co.kr/ssl/MSecure.cab (MakeShop Secure Control)
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab (SBSWebPlayer Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 68.115.71.53 24.196.64.53
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\LocalService\Application Data\hotfix.exe) - C:\Documents and Settings\LocalService\Application Data\hotfix.exe ()
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Documents and Settings\LocalService\Application Data\hotfix.exe) - C:\Documents and Settings\LocalService\Application Data\hotfix.exe ()
O20 - HKU\S-1-5-21-613112609-3120048447-693283946-1007 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-613112609-3120048447-693283946-1007 Winlogon: Shell - (C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Windows\shell.exe) - C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Windows\shell.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/07 10:38:14 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 04:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/04/29 20:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 16:22:16 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpReg: DiscUpdateManager - hkey= - key= - C:\Program Files\DISC\DISCUpdMgr.exe (Digital Interactive Systems Corporation, Inc.)
MsConfig - StartUpReg: Reminder - hkey= - key= - C:\Windows\Creator\Remind_XP.exe (SoftThinks)

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3FE99A94-00C8-9215-A92D-9214B06BE476} - Browser Customizations
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A4A557F6-2497-603A-B493-C26D1F2CF24E} - IE7 Uninstall Stub
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\System32\wuauserv.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 13:25:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/11/06 00:29:43 | 000,000,000 | ---D | C] -- C:\Microsoft
[2010/11/04 23:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2010/11/04 23:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\dIcNe00904
[2010/11/02 15:34:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/11/02 15:33:18 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2010/11/01 15:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/11/01 15:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/10/30 14:51:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/10/30 14:40:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/10/28 22:02:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/10/27 15:38:18 | 000,000,000 | ---D | C] -- C:\66df581153d36dd4df013b95906118
[2010/10/27 15:08:39 | 000,000,000 | ---D | C] -- C:\92d4885c7b5d15cf5b04b0
[2010/10/27 14:56:05 | 002,255,320 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HousecallLauncher64.exe
[2010/10/26 19:57:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/10/24 10:15:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/24 10:08:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/24 10:08:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/24 10:08:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/24 10:08:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/24 10:05:31 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF19784.exe
[2010/10/16 20:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/16 20:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/16 20:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/16 20:15:13 | 075,019,048 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\iTunesSetup.exe
[2010/10/13 16:50:23 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 16:50:22 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 16:50:07 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2006/02/02 21:24:32 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
[2006/02/02 21:19:36 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll
[2006/02/02 21:12:26 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
[2006/02/02 21:11:30 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
[2006/02/02 21:10:48 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
[2006/02/02 21:10:18 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
[2006/02/02 21:06:24 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
[2006/02/02 21:01:44 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
[2006/02/02 20:59:12 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/07 13:34:54 | 000,029,900 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\icon.zip
[2010/11/07 13:30:56 | 000,001,236 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\alternate_ad_1.php.dap
[2010/11/07 13:25:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/11/07 13:15:36 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/07 13:11:54 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk
[2010/11/07 13:11:18 | 000,043,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/11/07 13:10:54 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/11/07 13:10:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/07 13:10:51 | 3152,596,992 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/07 13:10:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/11/07 12:39:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/11/07 12:39:45 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/11/07 12:39:45 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/07 12:11:14 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hH3yR2.dat
[2010/11/07 12:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/11/07 11:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/07 10:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/07 10:11:19 | 000,463,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 10:11:19 | 000,078,922 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 10:06:36 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/11/07 10:06:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/11/07 10:06:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/11/07 10:06:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/11/07 10:06:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/11/07 10:06:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/11/07 10:06:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/11/07 10:06:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/11/07 10:06:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/11/07 10:06:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/11/07 10:06:35 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/07 08:39:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/07 07:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/07 06:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/07 05:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/07 04:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/07 03:39:02 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/07 02:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/07 01:39:06 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/06 23:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/06 22:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/06 22:03:14 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/11/06 18:39:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/06 18:25:46 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/11/06 18:25:46 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/11/06 17:39:01 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/06 16:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/06 16:13:36 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/11/06 15:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/06 15:05:28 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/11/06 14:39:05 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/06 14:27:49 | 000,000,180 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv .DAT
[2010/11/06 14:24:35 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/11/06 13:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/06 13:01:23 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/11/06 12:40:12 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/06 12:39:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/06 12:14:52 | 000,192,512 | ---- | M] (킹스정보통신) -- C:\WINDOWS\System32\kdfvmgr.exe
[2010/11/06 12:14:52 | 000,077,824 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\kdfapi.dll
[2010/11/06 12:14:52 | 000,053,248 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\Kdfhok.dll
[2010/11/06 12:14:51 | 000,640,352 | ---- | M] (Kings Information & Network) -- C:\WINDOWS\System32\kdfmgr.exe
[2010/11/05 22:56:01 | 080,464,761 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\KatDeLunaRocks.rar
[2010/11/05 22:43:02 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/11/05 22:43:02 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/11/05 22:43:02 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/11/05 21:39:08 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/05 20:39:05 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/05 19:39:02 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/01 15:54:51 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/11/01 14:12:06 | 076,337,152 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\[Clique Subs] M.net Wide News Idol Cam Part.2 (10.20).avi
[2010/10/31 13:14:34 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/30 22:35:12 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/10/30 14:33:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\winsock
[2010/10/29 23:15:55 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/29 23:15:55 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/10/27 14:56:09 | 002,255,320 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HousecallLauncher64.exe
[2010/10/26 19:59:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/26 15:09:06 | 000,000,373 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\generichosterrorproblem.bat
[2010/10/25 21:16:10 | 000,079,872 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/24 16:19:40 | 002,097,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/24 14:11:38 | 051,673,246 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\M.net Wide News Idol Cam Part.2 (10.20).mp4
[2010/10/24 10:15:07 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/10/24 10:05:16 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF19784.exe
[2010/10/23 13:39:19 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/22 18:17:40 | 051,710,447 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Cascada - Last Christmas.rar
[2010/10/22 13:37:55 | 000,307,457 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Photo0310.jpg
[2010/10/16 20:27:57 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/10/16 20:17:18 | 075,019,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\iTunesSetup.exe
[2010/10/14 14:11:26 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/12 13:01:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/07 13:30:56 | 000,001,236 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\alternate_ad_1.php.dap
[2010/11/05 22:54:35 | 080,464,761 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\KatDeLunaRocks.rar
[2010/11/01 15:54:51 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/11/01 15:54:51 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/11/01 15:54:50 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/11/01 15:54:49 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/11/01 15:54:49 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/11/01 15:54:49 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/11/01 15:54:49 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/11/01 15:54:49 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/11/01 15:54:49 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/11/01 15:54:49 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/11/01 15:54:48 | 000,537,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\hotfix.exe
[2010/11/01 15:54:48 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\dkfjasdfshd.bat
[2010/11/01 14:08:48 | 076,337,152 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\[Clique Subs] M.net Wide News Idol Cam Part.2 (10.20).avi
[2010/10/31 11:53:17 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System\hpsysdrv .DAT
[2010/10/31 05:57:49 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hH3yR2.dat
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/31 05:55:09 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/31 05:55:08 | 000,100,864 | ---- | C] () -- C:\WINDOWS\Fonts\FQqK0.com
[2010/10/30 14:33:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\winsock
[2010/10/26 19:58:50 | 3152,596,992 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/26 15:09:05 | 000,000,373 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\generichosterrorproblem.bat
[2010/10/24 13:36:18 | 051,673,246 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\M.net Wide News Idol Cam Part.2 (10.20).mp4
[2010/10/24 10:08:02 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/24 10:08:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/24 10:08:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/24 10:08:02 | 000,079,872 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/24 10:08:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/22 18:14:23 | 051,710,447 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Cascada - Last Christmas.rar
[2010/10/22 13:37:51 | 000,307,457 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Photo0310.jpg
[2010/10/16 20:32:33 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/16 20:27:57 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/14 19:09:41 | 000,000,338 | ---- | C] () -- C:\Program Files\MFOUserSystemInfo.txt
[2010/05/07 17:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/05/07 17:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/05/07 12:44:36 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/07 12:44:16 | 005,496,152 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/07 12:24:46 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/06 16:28:55 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/04/07 17:11:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\msecure.ini
[2010/04/06 14:37:02 | 000,008,220 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\696744383
[2010/04/06 14:37:02 | 000,008,220 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\650228716
[2010/04/06 14:36:14 | 000,015,476 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\696744383
[2010/04/06 14:36:14 | 000,015,476 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\4W2k7t2Uo86
[2010/04/06 14:35:34 | 000,015,970 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4W2k7t2Uo86
[2010/04/06 14:35:34 | 000,015,970 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4W2k7t2Uo86
[2010/04/03 22:12:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\8s32
[2010/04/03 22:12:17 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8s32
[2010/03/19 18:50:52 | 000,002,486 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\EUWRpt
[2010/03/19 18:50:52 | 000,002,486 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\EUWRpt
[2010/02/07 16:35:32 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\e7H1JR
[2009/10/27 13:48:40 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/10/10 14:03:46 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/04/30 23:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/30 23:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/30 23:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/30 23:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/03/10 14:36:26 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/09 18:53:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2009/03/09 18:53:04 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2009/03/09 18:50:36 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
[2009/03/09 18:49:47 | 000,303,104 | R--- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
[2009/03/07 12:07:44 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2009/03/07 11:06:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/07 10:46:51 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2009/03/07 10:42:18 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2009/03/07 10:42:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2009/03/07 10:38:33 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/03/07 10:25:42 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/03/07 10:25:05 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2009/03/07 10:19:50 | 000,000,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/03/07 10:18:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/03/07 10:15:23 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009/03/07 10:15:23 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/03/07 10:14:03 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2009/03/07 08:16:31 | 001,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/07/31 16:00:53 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/07/31 16:00:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/07/31 16:00:41 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 12:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/23 00:43:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
[2006/01/22 11:47:36 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
[2005/12/20 10:54:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
[2005/08/30 22:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/08 02:11:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/26 08:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/04/16 08:01:06 | 000,000,077 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2002/10/15 16:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 05:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 04:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/09 15:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/09 15:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/30 14:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/30 14:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/30 14:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/26 07:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

========== Files - Unicode (All) ==========
[2010/10/23 12:04:51 | 145,426,034 | ---- | M] ()(C:\Documents and Settings\HP_Administrator\Desktop\[MV]_男女共?_-_Bbiribbom_Bberibbom_(Dance_Ver).mp4) -- C:\Documents and Settings\HP_Administrator\Desktop\[MV]_男女共学_-_Bbiribbom_Bberibbom_(Dance_Ver).mp4
[2010/10/23 11:40:17 | 145,426,034 | ---- | C] ()(C:\Documents and Settings\HP_Administrator\Desktop\[MV]_男女共?_-_Bbiribbom_Bberibbom_(Dance_Ver).mp4) -- C:\Documents and Settings\HP_Administrator\Desktop\[MV]_男女共学_-_Bbiribbom_Bberibbom_(Dance_Ver).mp4

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0

< End of report >


OTL Extras logfile created on: 11/7/2010 1:26:22 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 33.17 Gb Free Space | 18.65% Space Free | Partition Type: NTFS
Drive D: | 8.44 Gb Total Space | 1.19 Gb Free Space | 14.14% Space Free | Partition Type: FAT32
Drive E: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-613112609-3120048447-693283946-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57696:TCP" = 57696:TCP:*:Enabled:Pando Media Booster
"57696:UDP" = 57696:UDP:*:Enabled:Pando Media Booster
"58254:TCP" = 58254:TCP:*:Enabled:Pando Media Booster
"58254:UDP" = 58254:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"57696:TCP" = 57696:TCP:*:Enabled:Pando Media Booster
"57696:UDP" = 57696:UDP:*:Enabled:Pando Media Booster
"58254:TCP" = 58254:TCP:*:Enabled:Pando Media Booster
"58254:UDP" = 58254:UDP:*:Enabled:Pando Media Booster
"58815:TCP" = 58815:TCP:*:Enabled:Pando Media Booster
"58815:UDP" = 58815:UDP:*:Enabled:Pando Media Booster
"56187:TCP" = 56187:TCP:*:Enabled:Pando Media Booster
"56187:UDP" = 56187:UDP:*:Enabled:Pando Media Booster
"56364:TCP" = 56364:TCP:*:Enabled:Pando Media Booster
"56364:UDP" = 56364:UDP:*:Enabled:Pando Media Booster
"1037:TCP" = 1037:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxcrcoms.exe" = C:\WINDOWS\system32\lxcrcoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\DAP\DAP.exe" = C:\Program Files\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (DAP) -- ()
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- ()
"C:\Program Files\Adobe Media Player\Adobe Media Player.exe" = C:\Program Files\Adobe Media Player\Adobe Media Player.exe:*:Enabled:Adobe Media Player -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe" = C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe:*:Enabled:TSCFCommander -- (Trend Micro Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\mnetasvr.exe" = C:\WINDOWS\system32\mnetasvr.exe:*:Enabled:MNet AoD Server -- (PeeringPortal)
"C:\WINDOWS\system32\mnetvsvr.exe" = C:\WINDOWS\system32\mnetvsvr.exe:*:Enabled:MNet VoD Server -- (PeeringPortal)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PeeringPortal\Pino\pino.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PeeringPortal\Pino\pino.exe:*:Enabled:Pino -- (Peering Portal, Inc.)
"C:\Program Files\Logitech\Vid\Vid.exe" = C:\Program Files\Logitech\Vid\Vid.exe:*:Enabled:Logitech Vid HD -- ()
"C:\Program Files\Logitech\Vid\Vid .exe" = C:\Program Files\Logitech\Vid\Vid .exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PeeringPortal\Pino\pinoupd.exe" = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\PeeringPortal\Pino\pinoupd.exe:*:Enabled:Pino Updater -- (Peering Portal, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.7
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro Internet Security Pro
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}" = muvee autoProducer unPlugged 2.0
"{60C1AF18-EA45-7488-5C95-4EC64F93B727}" = ViiKii Desktop Plug-in
"{6530EB5E-F2BE-45D3-906B-E4AFFF2D1588}" = Windows Live Device Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B08AF156-E923-4853-B3A8-5E657321DEE6}" = SBSWebPlayer
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{FA162129-FC0C-425E-8EC1-7C84FE967D27}_is1" = Hello Kitty Online Founder Beta
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB4740B3-2530-452D-A825-F7AB246CA7DF}" = muvee autoProducer 5.0
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AhnLab MyKeyDefense 2.0" = AhnLab MyKeyDefense 2.0
"Akamai" = Akamai NetSession Interface
"Any Video Converter_is1" = Any Video Converter 3.0.5
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitTorrent" = BitTorrent
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"EADM" = EA Download Manager
"FLV Player" = FLV Player 2.0 (build 25)
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"GomTV Launcher Plugin" = GOMTV Plug-in
"Graboid Video" = Graboid Video 1.73
"Hello Kitty® Online North America" = Hello Kitty® Online North America
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Image Grabber II" = Image Grabber II
"LastFM_is1" = Last.fm 1.5.4.27091
"Latale GP3.0" = Latale GP
"Lexmark 2400 Series" = Lexmark 2400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mnet P3Modules" = 통합 웹플레이어 2.5.2
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mp3tag" = Mp3tag v2.43
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Screensaver_is1" = My Screensaver
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Standard Edition 2003 60 days trial
"Open Video Converter_is1" = Open Video Converter version 3.3
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Picasa 3" = Picasa 3
"Prism" = Prism Video Converter
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"System Tool2011" = System Tool2011
"SystemRequirementsLab" = System Requirements Lab
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"Uninstall_is1" = Uninstall 1.0.0.1
"ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1" = ViiKii Desktop Plug-in
"VLC media player" = VLC media player 1.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-613112609-3120048447-693283946-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"af7031ac204ab2e1" = Asiasoft Downloader
"BitTorrent DNA" = DNA
"Futurestream Client" = Futurestream Client
"Pino" = Pino

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2010 3:06:34 PM | Computer Name = OWNER | Source = Bonjour Service | ID = 100
Description = 276: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/7/2010 3:06:34 PM | Computer Name = OWNER | Source = Bonjour Service | ID = 100
Description = 448: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/7/2010 3:06:34 PM | Computer Name = OWNER | Source = Bonjour Service | ID = 100
Description = 440: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/7/2010 3:07:57 PM | Computer Name = OWNER | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/7/2010 3:12:04 PM | Computer Name = OWNER | Source = COM+ | ID = 135761
Description = The run-time environment has detected an inconsistency in its internal
state. This indicates a potential instability in the process that could be caused
by the custom components running in the COM+ application, the components they make
use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184),
hr = 8007041d: InitEventCollector fail

Error - 11/7/2010 3:16:20 PM | Computer Name = OWNER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\MY DOCUMENTS\MY
MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 11/7/2010 3:16:20 PM | Computer Name = OWNER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\MY DOCUMENTS\MY
MUSIC\ITUNES\ITUNES LIBRARY.ITL> in the hash map cannot be updated. Context: Application,
SystemIndex Catalog Details: A device attached to the system is not functioning.
(0x8007001f)

Error - 11/7/2010 3:27:53 PM | Computer Name = OWNER | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 11/7/2010 3:30:17 PM | Computer Name = OWNER | Source = ESENT | ID = 447
Description = wlcomm (11304) A bad page link (error -327) has been detected in a
B-Tree (ObjectId: 88, PgnoRoot: 214) of database C:\Documents and Settings\HP_Administrator\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{7506ff4b-e5f5-4339-bdcb-e99f65ba9388}\DBStore\contacts.edb
(801 => 837, 521).

Error - 11/7/2010 3:35:45 PM | Computer Name = OWNER | Source = ESENT | ID = 447
Description = wlcomm (11304) A bad page link (error -327) has been detected in a
B-Tree (ObjectId: 88, PgnoRoot: 214) of database C:\Documents and Settings\HP_Administrator\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{7506ff4b-e5f5-4339-bdcb-e99f65ba9388}\DBStore\contacts.edb
(801 => 837, 521).

[ System Events ]
Error - 10/26/2010 10:44:45 PM | Computer Name = OWNER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 10/26/2010 10:45:19 PM | Computer Name = OWNER | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service netman with
arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

Error - 10/26/2010 10:45:26 PM | Computer Name = OWNER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 10/26/2010 10:46:02 PM | Computer Name = OWNER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 10/26/2010 10:46:38 PM | Computer Name = OWNER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 10/26/2010 10:47:14 PM | Computer Name = OWNER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 10/26/2010 10:47:50 PM | Computer Name = OWNER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 10/26/2010 10:48:26 PM | Computer Name = OWNER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 10/26/2010 10:49:01 PM | Computer Name = OWNER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 10/26/2010 10:49:37 PM | Computer Name = OWNER | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.


< End of report >



#4 myrti
  • Malware Study Hall Admin

Posted 08 November 2010 - 05:34 AM

Hi,

can you please try to run Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


It's possible that it is not compatible; in that case please try GMER instead:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#5 nathan1el
  • Topic Starter

Posted 08 November 2010 - 07:36 PM

The first one didn't work, so I did the 2nd option.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-08 18:34:32
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD2000JS-60NCB1 rev.10.02E02
Running: p74sixey.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\pxldapow.sys


---- System - GMER 1.0.15 ----

SSDT 89F2FCC0 ZwCreateKey
SSDT 89F2F1C0 ZwCreateProcess
SSDT 89F2F480 ZwCreateProcessEx
SSDT 89F30B20 ZwCreateThread
SSDT 89F30240 ZwDeleteKey
SSDT 89F30500 ZwDeleteValueKey
SSDT 89F30CC0 ZwLoadDriver
SSDT 89F2F740 ZwOpenProcess
SSDT 89F2FF80 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAB2ABDF0]
SSDT 89F30980 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5705360, 0x3CEED5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[876] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CD000A
.text C:\WINDOWS\Explorer.EXE[876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CE000A
.text C:\WINDOWS\Explorer.EXE[876] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BD000C
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 2806CEC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 2806CD20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 2806CCA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 2806CF70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 2806CDA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 2806CFE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 2806C900 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 2806CE30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 7 Bytes JMP 2806C410 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 2806C470 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] USER32.dll!GetWindowLongW 7E4188A6 7 Bytes JMP 28070F10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 2806EF10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] USER32.dll!SetWindowPlacement 7E41DE46 5 Bytes JMP 28070480 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 280705D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] USER32.dll!LoadImageW 7E427B97 5 Bytes JMP 28070C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 2806E4A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] USER32.dll!SetWindowRgn 7E42E528 7 Bytes JMP 28070520 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] USER32.dll!LoadIconW 7E42E8BC 5 Bytes JMP 28070DE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 28070800 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 2806F590 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 280754A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] WS2_32.dll!send 71AB4C27 5 Bytes JMP 28075160 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 28074FB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] WS2_32.dll!recv 71AB676F 5 Bytes JMP 28074E80 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 280752D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] SHELL32.dll!Shell_NotifyIconW 7CA2A587 5 Bytes JMP 2806DC10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 2806D5C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] ole32.dll!CoInitializeEx 77501473 5 Bytes JMP 2806D240 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] ole32.dll!CoRegisterClassObject 775179C0 5 Bytes JMP 2806D340 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] WININET.dll!InternetCloseHandle 3D944261 5 Bytes JMP 280741D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] WININET.dll!HttpOpenRequestA 3D94AA7B 5 Bytes JMP 28073F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] WININET.dll!InternetReadFile 3D9513D4 5 Bytes JMP 28074090 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr .exe[1812] WININET.dll!HttpSendRequestA 3D953558 5 Bytes JMP 28074130 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\WINDOWS\System32\svchost.exe[1960] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E8000A
.text C:\WINDOWS\System32\svchost.exe[1960] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00E9000A
.text C:\WINDOWS\System32\svchost.exe[1960] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00E7000C
.text C:\WINDOWS\System32\svchost.exe[1960] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0295000A
.text C:\WINDOWS\System32\svchost.exe[1960] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00F5000A
.text C:\Program Files\Pando Networks\Media Booster\PMB .exe[2412] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0172000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0173000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0171000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2720] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3816] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [013B3880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [013B3930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [013B3A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[1700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [013B39D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] 0126BFC0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] 0126C030
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetCommandLineA] 0126C560
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CloseHandle] 0126B230
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 012686C0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 01269920
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 01269B90
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] 0126C230
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcessHeap] 0126C550
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentVariableA] 01269CA0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetFileType] 0126B340
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!DuplicateHandle] 0126B190
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetFilePointer] 0126AFF0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] 0126A3F0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ReadFile] 0126AB80
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] 0126A830
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 0126AFB0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetACP] 0126C570
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStrings] 01269E00
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetEnvironmentStringsW] 01269E80
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitProcess] 01269F00
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!ExitThread] 0126A070
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] 0126A150
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!TerminateProcess] 0126A000
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0126C4C0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0126C470
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 012686C0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01269920
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0126B230
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01269B90
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 012699A0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0126A830
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0126C170
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0126C1B0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0126C550
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0126C030
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0126B190
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0126A150
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01269B00
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 01269E80
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0126CAD0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0126AB80
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0126AFF0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0126B6B0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0126B440
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0126B630
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0126BB10
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0126B820
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01269A70
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0126A000
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0126C290
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0126B580
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0126B130
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0126AFB0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0126B340
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0126C570
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0126B380
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0126C810
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0126C7B0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0126CA00
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0126CAA0
IAT C:\Program Files\DAP\DAP .exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0126C8D0

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8AF75292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8AF75292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8AF75292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8AF75292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 8AF75292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 8AF75292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-16 8AF75292

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP2T0L0-5 -> \??\IDE#DiskWDC_WD2000JS-60NCB1_____________________10.02E02#5&24a390b2&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 390721712 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041E7.log 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041E8.log 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041E9.log 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041EA.log 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041EB.log 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041EC.log 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041ED.log 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041EE.log 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041EF.log 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041F0.log 131072 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS041E6.log 131072 bytes

---- EOF - GMER 1.0.15 ----



#6 myrti
  • Malware Study Hall Admin

Posted 09 November 2010 - 02:38 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 nathan1el
  • Topic Starter
  • Members
  • 5 posts

Posted 10 November 2010 - 07:46 AM

dangggggggggg lol. I didn't know it was THIS bad. I went ahead and reformatted, but I wanna make sure it's gone, so I went ahead and ran the GMER scan again (after reformat) if it helps?

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-10 06:45:48
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD2000JS-60NCB1 rev.10.02E02
Running: g3pjdoz7.exe; Driver: C:\DOCUME~1\HP_ADM~1.HP\LOCALS~1\Temp\uxldipob.sys


---- System - GMER 1.0.15 ----

SSDT 8A44AE08 ZwAlertResumeThread
SSDT 8A524878 ZwAlertThread
SSDT 8A4D7860 ZwAllocateVirtualMemory
SSDT 8A585510 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwCreateKey [0xB5CD4410]
SSDT 8A9896D8 ZwCreateMutant
SSDT 8A3EDE80 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteKey [0xB5CD46B0]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey [0xB5CD4DC0]
SSDT 8A4FC0D0 ZwFreeVirtualMemory
SSDT 8A645EF8 ZwImpersonateAnonymousToken
SSDT 8A98A398 ZwImpersonateThread
SSDT 8A49C258 ZwMapViewOfSection
SSDT 8A6280D0 ZwOpenEvent
SSDT 8A34B158 ZwOpenProcessToken
SSDT 8A3CEE98 ZwOpenThreadToken
SSDT 8A4E6078 ZwQueryValueKey
SSDT 8A4080D0 ZwResumeThread
SSDT 8A521718 ZwSetContextThread
SSDT 8A4FCE98 ZwSetInformationProcess
SSDT 8A4A7E98 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey [0xB5CD5020]
SSDT 8A647258 ZwSuspendProcess
SSDT 8A4EAE98 ZwSuspendThread
SSDT 8A628E98 ZwTerminateProcess
SSDT 8A96EE98 ZwTerminateThread
SSDT 8A356E98 ZwUnmapViewOfSection
SSDT 8A589698 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8BA3360, 0x20574D, 0xE8000020]
? System32\Drivers\SYMTDI.SYS The system cannot find the path specified. !
? C:\Program Files\Symantec\SYMEVENT.SYS The system cannot find the file specified. !
? System32\Drivers\SYMREDRV.SYS The system cannot find the path specified. !
? System32\Drivers\SYMDNS.SYS The system cannot find the path specified. !
? System32\Drivers\SYMNDIS.SYS The system cannot find the path specified. !
? System32\Drivers\SYMFW.SYS The system cannot find the path specified. !
? System32\Drivers\SYMIDS.SYS The system cannot find the path specified. !
? C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20101021.002\symidsco.sys The system cannot find the path specified. !
? C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library c:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [200] 0x6AF90000
Library c:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [200] 0x6A1F0000
Library c:\Program (*** hidden *** ) @ C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [1964] 0x6AF90000
Library c:\Program (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [2020] 0x6AF90000
Library c:\Program (*** hidden *** ) @ C:\Program Files\DISC\DiscStreamHub.exe [2172] 0x6AF90000
Library c:\Program (*** hidden *** ) @ C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2832] 0x6AF90000
Library c:\Program (*** hidden *** ) @ c:\windows\system\hpsysdrv.exe [3096] 0x6AF90000
Library c:\Program (*** hidden *** ) @ C:\Program Files\DISC\DISCover.exe [3208] 0x6AF90000
Library c:\Program (*** hidden *** ) @ C:\HP\KBD\KBD.EXE [3368] 0x6AF90000
Library c:\Program (*** hidden *** ) @ C:\Program Files\DISC\DiscUpdMgr.exe [3380] 0x6AF90000
Library c:\Program (*** hidden *** ) @ C:\Program Files\iTunes\iTunes.exe [3392] 0x6AF90000

---- EOF - GMER 1.0.15 ----



#8 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 11 November 2010 - 04:54 AM

Hi,

This looks good. This was one of the sections showing the infection in the GMER log:

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 390721712 (+255): rootkit-like behavior;

and as you can see for yourself it is no longer present in the log now.

regards myrti

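The check myrti does by eye above (the `Disk ... sector NN: rootkit-like behavior` lines were there before the reformat and are gone afterwards) can be automated for anyone comparing two GMER text logs. The parser below is an added illustration for this thread; it is not GMER's own code and not something anyone in the thread posted. It assumes GMER keeps the line layout quoted above (`Disk <device> sector NN [(MBR)]: <detail>`, with the family named as `; TDL4 <-- ROOTKIT !!!`), and the two embedded logs are constructed excerpts: the "before" block is the six lines myrti quoted under an assumed `---- Disk sectors ----` section header, and the "after" block is a trimmed copy of the post-reformat log shown in post #7.

```python
"""Pull rootkit-like disk-sector findings out of GMER text logs and diff two scans."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Matches lines such as
#   Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
#   Disk \Device\Harddisk0\DR0 sectors 390721712 (+255): rootkit-like behavior;
# (layout assumed from the lines quoted in the thread)
DISK_RE = re.compile(
    r"^Disk\s+(?P<device>\S+)\s+sectors?\s+(?P<sector>\d+)"
    r"(?:\s+\((?P<extra>[^)]*)\))?:\s*(?P<detail>.*)$"
)
# GMER names the family after the detail, e.g. "...; TDL4 <-- ROOTKIT !!!"
FAMILY_RE = re.compile(r";\s*(\S+)\s*<--\s*ROOTKIT")

# Constructed "before" excerpt: the six lines myrti quoted; section header is assumed.
BEFORE_LOG = r"""
---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 390721712 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
"""

# Constructed "after" excerpt: trimmed from the post-reformat log in post #7 (no Disk lines).
AFTER_LOG = r"""
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-10 06:45:48

---- System - GMER 1.0.15 ----

SSDT 8A44AE08 ZwAlertResumeThread

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""


@dataclass
class DiskFinding:
    device: str
    sector: int
    is_mbr: bool   # sector 0 / tagged "(MBR)": the boot sector a bootkit such as TDL4 overwrites
    detail: str


def parse_disk_findings(log_text: str) -> List[DiskFinding]:
    """Return every 'Disk ... sector ...' line as a DiskFinding; all other lines are ignored."""
    findings: List[DiskFinding] = []
    for raw in log_text.splitlines():
        m = DISK_RE.match(raw.strip())
        if not m:
            continue
        sector = int(m.group("sector"))
        tag = (m.group("extra") or "").strip().upper()
        findings.append(DiskFinding(
            device=m.group("device"),
            sector=sector,
            is_mbr=(sector == 0 or tag == "MBR"),
            detail=m.group("detail").strip(),
        ))
    return findings


def rootkit_indicators(log_text: str) -> Dict[str, object]:
    """Summarise the disk-level rootkit indicators GMER reported in one scan."""
    hits = [f for f in parse_disk_findings(log_text)
            if "rootkit-like behavior" in f.detail.lower()]
    families = sorted({m.group(1) for f in hits for m in FAMILY_RE.finditer(f.detail)})
    return {
        "suspicious_sectors": [f.sector for f in hits],
        "mbr_infected": any(f.is_mbr for f in hits),
        "families": families,
    }


def compare_scans(before: str, after: str) -> Dict[str, List[int]]:
    """Which flagged sectors disappeared between two scans, which persist, which are new."""
    b = set(rootkit_indicators(before)["suspicious_sectors"])  # type: ignore[arg-type]
    a = set(rootkit_indicators(after)["suspicious_sectors"])   # type: ignore[arg-type]
    return {"cleared": sorted(b - a), "remaining": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    print("before:", rootkit_indicators(BEFORE_LOG))
    print("after: ", rootkit_indicators(AFTER_LOG))
    print("diff:  ", compare_scans(BEFORE_LOG, AFTER_LOG))
```

Run against the two excerpts, the "before" summary reports the MBR as infected with the family `TDL4` and six flagged sectors; the "after" summary is empty, and the diff lists all six sectors as cleared with nothing remaining or new. Anything in `remaining` after a cleanup attempt would be the signal to stop and reassess rather than declare the machine clean.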
