Finding Virtumonde cant remove [Closed]
Jan 17 2009, 11:06 PM
Post #1
New Member | Posts: 8 | OS: XP
I have tried using several different programs, Search and Destroy, Malwarebyte's, etc. I have done F10 restore. But my internet keeps running slower and slower. Same thing with loading. PLEASE someone help me fix my computer. Here is HJ report
Jan 22 2009, 12:53 PM
Post #2
Trusted Helper | Posts: 8,066 | OS: XP Pro
Hello MMacLeod,
Welcome to Geekstogo. Your Java is out of date, older versions are vulnerable to attack. Please download JavaRa to your desktop and unzip it to its own folder.
Now unless I am missing something I don't see an anti-virus program on your computer. Before we do anything else please download and install one of these good antivirus programs (these are free for personal use): Download all updates for your antivirus and then run a full scan of your computer. Save the results of the scan and then let the program fix all problems it finds. Post results of the scan back here.
Jan 22 2009, 05:42 PM
Post #3
New Member | Posts: 8 | OS: XP
Thank you for helping
I have ESET/NOD32 as an antivirus, which is up to date. IF one of the ones you suggested are better, or especially if they take less memory(still running 1.8G) please let me know. Java is up to date. I did have to F10 restore, computer was running painfully slow, some items on my list might show different. Here is current HJT
Jan 22 2009, 05:53 PM
Post #4
Trusted Helper | Posts: 8,066 | OS: XP Pro
QUOTE: I have ESET/NOD32 as an antivirus, which is up to date.
Nope, that's fine. Must be asleep. It didn't show in your services in that first HijackThis log. I see now though that it showed in your running processes.
You have run Malwarebytes in the past. If you are able to post the last scan log that would be good. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Now
Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.
Jan 22 2009, 06:42 PM
Post #5
New Member | Posts: 8 | OS: XP
This is what I am not understanding, doesn't show up here. Shows up with Search And Destroy. Also have been hearing odd sucking noise, like popup ads that are not popping up.
----N---- C:\WINDOWS\system32\verclsid.exe 2009-01-18 20:22:07 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\uTorrent 2009-01-18 20:00:34 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\vlc 2009-01-18 19:45:53 ----A---- C:\WINDOWS\system32\MRT.exe 2009-01-18 19:18:57 ----D---- C:\WINDOWS\system32\PreInstall 2009-01-18 15:13:32 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\ESET 2009-01-18 14:57:22 ----RSHD---- C:\cmdcons 2009-01-18 14:57:07 ----D---- C:\WINDOWS\setupupd 2009-01-18 14:52:15 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Malwarebytes 2009-01-18 14:47:55 ----A---- C:\WINDOWS\system32\LuResult.txt 2009-01-18 14:40:29 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-01-18 14:39:53 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Macromedia 2009-01-18 14:39:53 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Adobe 2009-01-18 14:32:37 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Mozilla 2009-01-18 14:32:37 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Flock 2009-01-18 14:26:35 ----ASH---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\desktop.ini 2009-01-18 14:26:28 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Identities 2009-01-18 14:26:27 ----SD---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Microsoft 2009-01-18 14:26:27 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Real 2009-01-18 14:26:27 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Intuit 2009-01-18 14:22:54 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2009-01-18 12:15:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$ 2009-01-18 12:15:38 ----HDC---- 
C:\WINDOWS\$NtUninstallKB958687$ 2009-01-18 12:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$ 2009-01-18 12:15:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-01-18 12:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-01-18 12:14:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-01-18 12:14:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-01-18 11:32:11 ----D---- C:\Program Files\ERUNT 2009-01-18 10:38:18 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$ 2009-01-17 23:57:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-17 22:53:14 ----A---- C:\ComboFix.txt 2009-01-17 22:37:16 ----A---- C:\WINDOWS\zip.exe 2009-01-17 22:37:16 ----A---- C:\WINDOWS\VFIND.exe 2009-01-17 22:37:16 ----A---- C:\WINDOWS\SWSC.exe 2009-01-17 22:37:16 ----A---- C:\WINDOWS\SWREG.exe 2009-01-17 22:37:16 ----A---- C:\WINDOWS\sed.exe 2009-01-17 22:37:16 ----A---- C:\WINDOWS\NIRCMD.exe 2009-01-17 22:37:16 ----A---- C:\WINDOWS\grep.exe 2009-01-17 22:37:16 ----A---- C:\WINDOWS\fdsv.exe 2009-01-17 22:37:15 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-01-17 22:36:28 ----D---- C:\ComboFix 2009-01-17 18:22:27 ----D---- C:\Program Files\MSBuild 2009-01-16 14:23:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-01-16 13:33:30 ----D---- C:\Program Files\CleanUp! 
2009-01-16 13:32:16 ----D---- C:\WINDOWS\ERDNT 2009-01-16 13:32:16 ----AD---- C:\Qoobox 2009-01-16 12:56:01 ----D---- C:\WINDOWS\ERUNT 2009-01-16 12:47:53 ----D---- C:\SDFix 2009-01-15 11:37:15 ----D---- C:\Program Files\Ubisoft 2009-01-14 10:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$ 2009-01-13 10:57:03 ----D---- C:\Torrent Files 2009-01-10 15:58:58 ----A---- C:\WINDOWS\WORDPAD.INI 2009-01-09 02:05:43 ----A---- C:\WINDOWS\005709_.tmp 2009-01-07 13:28:35 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet 2009-01-07 11:00:38 ----D---- C:\Program Files\MagicISO 2009-01-07 10:30:45 ----D---- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup 2009-01-07 10:03:23 ----D---- C:\Program Files\Common Files\Macrovision Shared 2009-01-07 10:02:57 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone 2009-01-06 12:33:32 ----RHD---- C:\MSOCache 2009-01-05 17:19:48 ----D---- C:\Program Files\ESET 2009-01-05 17:10:11 ----D---- C:\WINDOWS\SxsCaPendDel 2009-01-05 15:39:29 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-01-02 20:46:53 ----A---- C:\Program Files\uTorrent.exe 2008-12-29 23:17:04 ----A---- C:\WINDOWS\Irremote.ini 2008-12-29 22:49:45 ----D---- C:\Program Files\Common Files\Nero 2008-12-26 22:28:49 ----SHD---- C:\WINDOWS\ftpcache 2008-12-26 22:28:44 ----D---- C:\Program Files\Search Warrior Pro 2008-12-26 15:21:21 ----D---- C:\Documents and Settings\All Users\Application Data\GRETECH 2008-12-26 15:20:24 ----D---- C:\Program Files\GRETECH 2008-12-26 13:28:50 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip 2008-12-26 13:28:44 ----D---- C:\Program Files\WinZip 2008-12-26 03:17:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958215_0$ 2008-12-26 03:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB960714_0$ 2008-12-26 03:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$ 2008-12-26 03:07:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$ 2008-12-26 03:02:58 
----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$ 2008-12-26 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$ 2008-12-24 17:58:07 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus 2008-12-24 13:14:22 ----D---- C:\Program Files\FileZilla FTP Client 2008-12-24 11:10:40 ----D---- C:\Program Files\Common Files\Adobe AIR 2008-12-24 10:53:27 ----D---- C:\Program Files\Clean Disk Security ======List of files/folders modified in the last 1 months====== 2009-01-22 19:37:41 ----D---- C:\WINDOWS\temp 2009-01-22 19:31:18 ----A---- C:\log.txt 2009-01-22 14:36:04 ----A---- C:\WINDOWS\NeroDigital.ini 2009-01-22 03:05:02 ----SHD---- C:\WINDOWS\Installer 2009-01-22 03:05:01 ----D---- C:\Config.Msi 2009-01-22 03:03:54 ----A---- C:\WINDOWS\win.ini 2009-01-22 03:02:51 ----RSD---- C:\WINDOWS\Fonts 2009-01-22 03:02:24 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-01-22 03:02:06 ----D---- C:\WINDOWS\system32 2009-01-22 03:02:03 ----AD---- C:\WINDOWS 2009-01-21 22:04:41 ----D---- C:\WINDOWS\system32\Lang 2009-01-21 22:04:34 ----HD---- C:\WINDOWS\inf 2009-01-21 22:03:54 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-21 22:02:28 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-01-21 21:51:02 ----D---- C:\WINDOWS\system32\drivers 2009-01-21 21:42:59 ----D---- C:\Program Files\Nero 2009-01-21 21:41:13 ----D---- C:\WINDOWS\system32\DirectX 2009-01-21 18:47:10 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2009-01-21 18:37:24 ----D---- C:\Program Files\PowerISO 2009-01-21 09:24:32 ----D---- C:\Program Files 2009-01-21 03:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2009-01-21 03:01:13 ----A---- C:\WINDOWS\imsins.BAK 2009-01-21 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2009-01-19 22:51:18 ----D---- C:\WINDOWS\system32\CatRoot 2009-01-19 22:51:05 ----D---- C:\Program Files\Messenger 2009-01-19 16:17:15 ----A---- C:\WINDOWS\ODBC.INI 2009-01-19 16:15:08 ----D---- C:\WINDOWS\SHELLNEW 2009-01-19 16:14:53 ----D---- 
C:\Program Files\Microsoft ActiveSync 2009-01-19 16:14:06 ----D---- C:\Program Files\Common Files 2009-01-19 16:13:17 ----D---- C:\Program Files\Common Files\System 2009-01-19 16:13:05 ----D---- C:\WINDOWS\pchealth 2009-01-19 16:10:34 ----D---- C:\WINDOWS\system 2009-01-19 16:07:37 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-01-19 16:07:20 ----D---- C:\WINDOWS\WinSxS 2009-01-19 13:53:49 ----D---- C:\Program Files\Common Files\Real 2009-01-19 13:14:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-01-19 13:12:57 ----A---- C:\WINDOWS\OEWABLog.txt 2009-01-19 13:11:56 ----A---- C:\WINDOWS\setuplog.txt 2009-01-19 13:10:53 ----D---- C:\WINDOWS\system32\Setup 2009-01-19 13:10:53 ----D---- C:\WINDOWS\AppPatch 2009-01-19 13:10:52 ----D---- C:\WINDOWS\system32\wbem 2009-01-19 13:10:11 ----D---- C:\WINDOWS\security 2009-01-19 12:08:09 ----D---- C:\WINDOWS\ime 2009-01-19 12:08:08 ----D---- C:\WINDOWS\Help 2009-01-19 12:07:51 ----D---- C:\WINDOWS\system32\usmt 2009-01-19 12:07:50 ----D---- C:\Program Files\Internet Explorer 2009-01-19 12:07:48 ----D---- C:\WINDOWS\PeerNet 2009-01-19 12:07:48 ----D---- C:\Program Files\Movie Maker 2009-01-19 12:07:32 ----D---- C:\WINDOWS\system32\Restore 2009-01-19 12:07:32 ----D---- C:\WINDOWS\system32\npp 2009-01-19 12:07:31 ----D---- C:\WINDOWS\msagent 2009-01-19 12:07:28 ----D---- C:\WINDOWS\srchasst 2009-01-19 12:07:27 ----D---- C:\Program Files\NetMeeting 2009-01-19 12:07:25 ----D---- C:\WINDOWS\system32\Com 2009-01-19 12:07:22 ----D---- C:\Program Files\Windows Media Player 2009-01-19 12:07:21 ----D---- C:\Program Files\Windows NT 2009-01-19 12:07:21 ----D---- C:\Program Files\Outlook Express 2009-01-19 12:07:00 ----D---- C:\WINDOWS\system32\oobe 2009-01-19 12:02:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2009-01-19 11:58:54 ----D---- C:\WINDOWS\EHome 2009-01-19 11:32:14 ----D---- C:\Program Files\Java 2009-01-18 23:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$ 2009-01-18 23:17:28 ----HDC---- 
C:\WINDOWS\$NtUninstallKB927779$ 2009-01-18 23:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$ 2009-01-18 23:17:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2009-01-18 23:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$ 2009-01-18 23:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2009-01-18 23:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$ 2009-01-18 23:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$ 2009-01-18 23:15:52 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$ 2009-01-18 23:15:39 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$ 2009-01-18 23:15:24 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$ 2009-01-18 23:15:12 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$ 2009-01-18 23:14:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2009-01-18 23:14:42 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$ 2009-01-18 23:14:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2009-01-18 23:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$ 2009-01-18 23:14:03 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$ 2009-01-18 23:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$ 2009-01-18 23:12:23 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$ 2009-01-18 23:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$ 2009-01-18 23:11:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$ 2009-01-18 23:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$ 2009-01-18 23:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$ 2009-01-18 23:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$ 2009-01-18 23:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$ 2009-01-18 23:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$ 2009-01-18 23:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$ 2009-01-18 23:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$ 2009-01-18 23:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2009-01-18 23:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2009-01-18 23:08:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-01-18 23:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$ 2009-01-18 
23:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$ 2009-01-18 23:07:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2009-01-18 23:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$ 2009-01-18 23:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$ 2009-01-18 23:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2009-01-18 23:05:53 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$ 2009-01-18 23:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$ 2009-01-18 23:05:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2009-01-18 23:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$ 2009-01-18 20:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2009-01-18 20:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2009-01-18 20:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2009-01-18 20:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$ 2009-01-18 20:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2009-01-18 20:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$ 2009-01-18 20:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$ 2009-01-18 20:01:42 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$ 2009-01-18 20:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$ 2009-01-18 20:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$ 2009-01-18 20:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$ 2009-01-18 20:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$ 2009-01-18 19:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$ 2009-01-18 19:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$ 2009-01-18 19:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$ 2009-01-18 19:56:04 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$ 2009-01-18 19:55:45 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$ 2009-01-18 19:55:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$ 2009-01-18 19:54:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2009-01-18 19:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$ 2009-01-18 19:54:27 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$ 2009-01-18 19:54:11 ----HDC---- 
C:\WINDOWS\$NtUninstallKB888302$ 2009-01-18 19:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$ 2009-01-18 19:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$ 2009-01-18 19:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$ 2009-01-18 19:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$ 2009-01-18 19:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$ 2009-01-18 19:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$ 2009-01-18 19:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-01-18 19:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$ 2009-01-18 19:50:35 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$ 2009-01-18 19:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\iWin Games 2009-01-18 19:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2009-01-18 19:49:19 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$ 2009-01-18 19:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$ 2009-01-18 19:47:49 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$ 2009-01-18 19:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$ 2009-01-18 19:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$ 2009-01-18 19:47:17 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$ 2009-01-18 19:47:04 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$ 2009-01-18 19:45:42 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$ 2009-01-18 19:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$ 2009-01-18 19:36:25 ----D---- C:\Program Files\Hewlett-Packard 2009-01-18 19:36:12 ----HD---- C:\Program Files\InstallShield Installation Information 2009-01-18 19:35:36 ----D---- C:\WINDOWS\HPCPCUninstall-5577497 2009-01-18 19:34:25 ----HD---- C:\hp 2009-01-18 19:30:15 ----D---- C:\Program Files\HP Games 2009-01-18 19:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$ 2009-01-18 16:21:18 ----A---- C:\WINDOWS\system.ini 2009-01-18 16:17:07 ----D---- C:\WINDOWS\system32\FxsTmp 2009-01-18 15:07:03 ----D---- C:\WINDOWS\I386 2009-01-18 15:03:19 ----RD---- C:\WINDOWS\Offline Web Pages 2009-01-18 15:03:18 ----RSD---- 
C:\WINDOWS\assembly 2009-01-18 15:03:18 ----RD---- C:\WINDOWS\Web 2009-01-18 14:57:46 ----RASH---- C:\boot.ini 2009-01-18 14:57:22 ----AC---- C:\WINDOWS\UPGRADE.TXT 2009-01-18 14:53:56 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec 2009-01-18 14:53:54 ----D---- C:\Program Files\Common Files\Symantec Shared 2009-01-18 14:47:18 ----SD---- C:\WINDOWS\Tasks 2009-01-18 14:30:23 ----SHD---- C:\RECYCLER 2009-01-18 14:28:24 ----AD---- C:\WINDOWS\system32\pcintro 2009-01-18 14:26:23 ----D---- C:\Documents and Settings 2009-01-18 14:23:37 ----RASH---- C:\BOOT.BAK 2009-01-18 14:23:26 ----D---- C:\WINDOWS\Registration 2009-01-18 14:23:04 ----D---- C:\WINDOWS\SoftwareDistribution 2009-01-18 11:18:17 ----A---- C:\VundoFix.txt 2009-01-17 20:28:04 ----HD---- C:\TEMP 2009-01-17 20:00:23 ----D---- C:\Program Files\ATT 2009-01-17 16:46:38 ----D---- C:\Program Files\World of Warcraft 2009-01-16 13:02:02 ----A---- C:\WINDOWS\ntbtlog.txt 2009-01-11 19:51:02 ----D---- C:\Program Files\Mozilla Firefox 2009-01-08 12:56:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$ 2009-01-08 12:37:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$ 2009-01-08 12:36:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$ 2009-01-08 12:36:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$ 2009-01-08 10:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$ 2009-01-08 10:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2009-01-05 17:41:53 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy) 2009-01-05 17:22:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-02 15:52:23 ----D---- C:\WINDOWS\pss 2008-12-29 23:03:35 ----D---- C:\Documents and Settings\All Users\Application Data\Nero 2008-12-27 11:32:58 ----HDC---- C:\WINDOWS\ie7 2008-12-27 11:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$ 2008-12-27 09:28:39 ----D---- C:\Program Files\iTunes 2008-12-24 17:09:24 ----D---- C:\WINDOWS\setup.pss 2008-12-24 15:26:24 ----D---- C:\Movavi 
files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352] R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-06-10 53256] R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2008-06-10 54280] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572] R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-06-10 39944] R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2008-06-10 71688] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544] R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2008-06-10 30728] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448] R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056] R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 
59520] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208] S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [] S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000] S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-19 152984] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 
EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-06-10 19200] S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] -----------------EOF----------------- Message: Record Number: 4 Source Name: ccEvtMgr Time Written: 20090118142645.000000-300 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: YOUR-D0F670B45A Event Code: 34 Message: Record Number: 3 Source Name: ccEvtMgr Time Written: 20090118142637.000000-300 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: YOUR-D0F670B45A Event Code: 35 Message: Record Number: 2 Source Name: ccSetMgr Time Written: 20090118142636.000000-300 Event Type: information User: NT AUTHORITY\SYSTEM Computer Name: YOUR-D0F670B45A Event Code: 34 Message: Record Number: 1 Source Name: ccSetMgr Time Written: 20090118142626.000000-300 Event Type: information User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2f02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\ "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip 
-----------------EOF----------------- |
|
|
Jan 22 2009, 07:11 PM
Post
#6
|
|
Trusted Helper Posts: 8,066 OS: XP Pro |
Hello MMacLeod,
Nothing leaping out at me in the way of malware yet. Moving on then:

Please download ATF Cleaner by Atribune.
Under Main choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next, Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job. Kaspersky works with Internet Explorer and Firefox 3. Go to Kaspersky website and perform an online antivirus scan.
|
|
|
Jan 30 2009, 08:57 PM
Post
#7
|
|
Trusted Helper Posts: 8,066 OS: XP Pro |
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic. |
|
|
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising