
AV2009 malware and other problems


#1
pac522

pac522

    New Member

  • Member
  • Pip
  • 7 posts
I'm not sure if this condition is correctable. I would rather poke my right eye out than reinstall, but I think I've come to terms with it. Anyway, it's my son's computer. He had installed the malware named AV2009 while trying to get a free app for his iPod touch.

I've run ComboFix, which found a few problems, ATF cleaner, AVG. I also went in and manually deleted any file named av2009. Malwarebytes came up empty also.

Now I am getting a termination error, "services.exe terminated 2147483645", and if you click OK to terminate or Cancel to debug, it sends Windows into shutdown mode.

I don't think the computer is infected with AV2009 anymore because the popups have stopped. I did a search for the error and read that it sounded like the Sasser virus, so I ran FxSasser and it came up negative. Then I updated Windows from Service Pack 2 to Service Pack 3 in hopes that it would correct the problem, but it didn't.

I am running Norton Corporate AV, and it's up to date. During the cleaning of AV2009 it was catching trojans in Auto-Protect. I ran startup scans and they have come up clean. So I'm really not sure if AV2009 was the only problem, as I'm sure my son didn't tell me everything he's done or how long this has gone on for.

Like I said, I'm not even sure if it can be corrected. Sorry if I created any more problems by running the fixes, but usually things are pretty straightforward and I'm able to go at it myself.

I've backed up the registry with ERUNT, and here is the HijackThis log. Thanks in advance.


=============================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57, on 2009-01-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clubpenguin.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {225AC655-45BF-4ACC-88AC-18706F0D956D} - C:\WINDOWS\system32\ssqnNFUK.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\252.tmp.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10475 bytes

==================================================================


I just realized that the log file above was created after terminating services.exe and stopping the automatic shutdown through the command prompt (shutdown /a).

This is the log file from before terminating services.exe. It looked like it was different. Again, thanks in advance.

=============================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30, on 2009-01-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://clubpenguin.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {225AC655-45BF-4ACC-88AC-18706F0D956D} - C:\WINDOWS\system32\ssqnNFUK.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\252.tmp.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10372 bytes

Attached Thumbnails

  • servTerm.jpg

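The two HijackThis logs above are read by hand in this thread; the entries a helper looks at first are the ones that stand out structurally: a BHO whose DLL is marked "(file missing)", a Run entry under the SYSTEM hive that launches from C:\WINDOWS\TEMP, a site added to the IE Trusted Zone, and a service with "Unknown owner". The following script is an added example, not part of the original post or of HijackThis itself: it parses lines in HijackThis's `Oxx - ...` format and applies a handful of review heuristics of its own to surface those entries. The sample input is constructed from lines of the log posted above; the rule names and the `Finding` structure are this example's assumptions, and a flag is a prompt for manual review, not a verdict (PnkBstrA, for instance, is flagged only because the log records no publisher for it).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: lines copied from the HijackThis log posted
# above (plus the log's header line, which the parser must skip).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {225AC655-45BF-4ACC-88AC-18706F0D956D} - C:\WINDOWS\system32\ssqnNFUK.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\252.tmp.exe (User 'SYSTEM')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# A HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# First drive-letter path in the body, ending in a binary/shortcut extension.
# Quotes and parentheses terminate the path so "(User 'SYSTEM')" is excluded.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"()]+?\.(?:exe|dll|sys|scr|lnk))', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    line: str
    path: Optional[str]
    reasons: List[str] = field(default_factory=list)


def extract_path(body: str) -> Optional[str]:
    m = PATH_RE.search(body)
    return m.group(1) if m else None


def review_entry(section: str, body: str) -> List[str]:
    """Review heuristics (this example's own rules, not HijackThis verdicts)."""
    reasons = []
    path = extract_path(body)
    if "(file missing)" in body:
        reasons.append("orphaned entry: the referenced file no longer exists")
    if path and TEMP_DIR_RE.search(path):
        reasons.append("autostart from a temporary directory")
    if section == "O4" and "(User 'SYSTEM')" in body:
        reasons.append("autostart in the SYSTEM account's Run key")
    if section == "O15":
        reasons.append("site added to the IE Trusted Zone (relaxed security settings)")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with no publisher name; verify the binary manually")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return every entry that trips at least one review rule, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, separators, blank lines
        section, body = m.group("section"), m.group("body")
        reasons = review_entry(section, body)
        if reasons:
            findings.append(Finding(section, line, extract_path(body), reasons))
    return findings


def rank(findings: List[Finding]) -> List[Finding]:
    """Entries tripping the most rules first; stable, so log order breaks ties."""
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


if __name__ == "__main__":
    for f in rank(triage(SAMPLE_LOG)):
        print(f"{f.section:4} {f.path or '-'}")
        for r in f.reasons:
            print(f"     - {r}")
```

Run against the sample, the Cognac entry comes out on top because it trips two rules (TEMP directory and SYSTEM Run key), the orphaned ssqnNFUK.dll BHO next, and the Trusted Zone and PnkBstrA entries last. Rules stack rather than short-circuit so that the ranking reflects how many independent signals an entry carries; whether to remove an entry is still a decision for the person reading the log.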


#2
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
pac522, welcome to Geeks-To-Go. My name is GravityGripp and I'll be assisting you with your issues.

First, when you post logs here, post them directly into the reply. Do not attach them unless told to do so. Also, do not alter the font, color, or size of these logs. This will help me help you.

Also, if I have not responded to you in a time period longer than 4 days, please feel free to PM me.

Thanks and I look forward to working with you. :)

Let me start out with a warning about ComboFix. ComboFix is a very powerful tool that should NEVER be used without the specific guidance of a malware helper or someone who knows the intricacies of it. If misused, it could render your computer unusable.

STEP ONE
  • First, download OTListIt2 to your desktop.
  • Once it has finished downloading, please double click on the icon.
  • When the window appears, please make the following changes:
    • Click Output: Minimal Output
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may close these windows when you have posted the contents of the files.

Edited by Gravity Gripp, 05 January 2009 - 12:23 PM.


#3
pac522

pac522

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I ran the proggie and the only output file was OTListIt; the Extras file was not created.

=============================================================


OTListIt logfile created on: 2009-01-05 18:39:25 - Run 3
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.64% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.84 Gb Total Space | 96.84 Gb Free Space | 54.46% Space Free | Partition Type: NTFS
Drive D: | 8.45 Gb Total Space | 0.45 Gb Free Space | 5.38% Space Free | Partition Type: FAT32
Drive E: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CMCDSKTP
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
C:\WINDOWS\arservice.exe (Microsoft)
C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
C:\Program Files\Logitech\Profiler\LWEMon.exe (Logitech Inc.)
C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
C:\WINDOWS\system32\PnkBstrA.exe ()
C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe (Dantz Development Corporation)
C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation)
C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
C:\WINDOWS\system32\searchindexer.exe (Microsoft Corporation)
C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation)
c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation)
C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE (Logitech Inc.)
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)
C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
(ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
(Ati HotKey Poller [Auto | Stopped]) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
(ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
(Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
(ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
(ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
(ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
(ehRecvr [Auto | Running]) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
(ehSched [Auto | Running]) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
(FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
(FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
(gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
(IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
(idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
(iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
(LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
(McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\McrdSvc.exe (Microsoft Corporation)
(MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
(NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
(Pml Driver HPZ12 [Boot | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
(PnkBstrA [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrA.exe ()
(QWAVE [Unknown | Stopped]) -- C:\WINDOWS\system32\qwave.dll (Microsoft Corporation)
(RetroExpLauncher [Auto | Running]) -- C:\Program Files\Dantz\Retrospect Express HD\retrorun.exe (Dantz Development Corporation)
(RMSvc [Auto | Running]) -- C:\WINDOWS\ehome\RMSvc.exe (Microsoft Corporation)
(SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
(SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
(Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
(Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
(WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
(WSearch [Auto | Running]) -- C:\WINDOWS\system32\searchindexer.exe (Microsoft Corporation)
(ZuneBusEnum [Auto | Running]) -- c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
(ZuneNetworkSvc [On_Demand | Stopped]) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
(ZuneWlanCfgSvc [On_Demand | Stopped]) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

(AFS2K [System | Running]) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
(AgereSoftModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
(Alpham [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\Alpham.sys (Ideazon Corporation)
(ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
(atitray [System | Running]) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys ()
(bb-run [Boot | Running]) -- C:\WINDOWS\system32\drivers\bb-run.sys (Promise Technology, Inc.)
(bsfjdthdxvf.sys [Auto | Running]) -- C:\WINDOWS\system32\drivers\bsfjdthdxvf.sys ()
(ftsata2 [Boot | Running]) -- C:\WINDOWS\system32\drivers\ftsata2.sys (Promise Technology, Inc.)
(GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
(HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
(HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
(HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
(HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
(iaStor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
(IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
(JL2005C [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\jl2005c.sys (Windows ® 2000 DDK provider)
(kbdhid [System | Stopped]) -- C:\WINDOWS\system32\drivers\kbdhid.sys (Microsoft Corporation)
(L8042Kbd [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS (Logitech, Inc.)
(L8042mou [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\L8042MOU.SYS (Logitech, Inc.)
(LHidKe [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LHidKE.Sys (Logitech, Inc.)
(LHidUsbK [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LHidUsbK.sys (Logitech, Inc.)
(LMouKE [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
(MR97310_USB_DUAL_CAMERA [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mr97310c.sys (Mars Semiconductor Corp.)
(MXOFX [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MXOFX.SYS (Cypress Semiconductor)
(MXOPSWD [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
(NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090103.003\NAVENG.SYS (Symantec Corporation)
(NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090103.003\NAVEX15.SYS (Symantec Corporation)
(OmniUsb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\OmniUsb.sys (Ideazon)
(OmniUsbl [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\OmniUsbl.sys (Ideazon)
(PAC207 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PFC027.SYS (PixArt Imaging Inc.)
(Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
(PxHelp20 [Boot | Running]) -- C:\WINDOWS\system32\drivers\pxhelp20.sys (Sonic Solutions)
(QWAVEDRV [Unknown | Stopped]) -- C:\WINDOWS\system32\drivers\qwavedrv.sys (Microsoft Corporation)
(RT61 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\rt61.sys (Ralink Technology Inc.)
(RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
(rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
(SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
(SAVRTPEL [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
(Secdrv [Auto | Running]) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
(SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
(SYMTDI [System | Running]) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
(USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
(usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
(Wdf01000 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\wdf01000.sys (Microsoft Corporation)
(WmBEnum [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
(WmFilter [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
(WmVirHid [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
(WmXlCore [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
(xusb21 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://clubpenguin.com/
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {225AC655-45BF-4ACC-88AC-18706F0D956D} - C:\WINDOWS\system32\ssqnNFUK.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe" (Ray Adams)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui (Logitech Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Search - Reg Error: Value does not exist or could not be read.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: trymedia.com (http in Trusted sites)
O15 - HKLM\..Trusted Sites: trymedia.com (https in Trusted sites)
O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: //@surf.mar@/ (money in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - cdo - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
NavLogon: "DllName" = C:\WINDOWS\system32\NavLogon.dll -- C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ]
C:\AUTOEXEC.BAT () -- [ NTFS ]

AUTOEXEC.BAT []
D:\AUTOEXEC.BAT () -- [ FAT32 ]

autorun.inf [[autorun] | open=Installer.exe | icon=disc.ico | | ]
E:\autorun.inf () -- [ UDF ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d146b82-6967-11dc-8dd4-0016b69af0ae}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d146b82-6967-11dc-8dd4-0016b69af0ae}\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun]
"" = Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
"" = E:\Installer.exe -- [2008-08-28 23:28:10 | 01,407,832 | R--- | M] ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-01-05 18:34:53 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009-01-04 15:29:56 | 00,017,936 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\servTerm.jpg
[2009-01-04 13:05:57 | 00,000,663 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2009-01-04 13:05:57 | 00,000,644 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2009-01-04 13:05:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009-01-04 13:05:05 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt_setup.exe
[2009-01-04 12:57:18 | 00,001,786 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2009-01-04 12:57:17 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-01-04 12:57:00 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HJTInstall.exe
[2009-01-04 12:09:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\DskTpPics
[2009-01-04 11:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Windows Desktop Search
[2009-01-04 11:39:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009-01-04 11:38:16 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009-01-04 11:38:16 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009-01-04 11:38:16 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2009-01-04 11:30:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009-01-04 02:27:48 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009-01-04 02:27:47 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009-01-04 02:27:35 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009-01-04 02:27:35 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009-01-04 02:27:34 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009-01-04 02:27:32 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009-01-04 02:27:31 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009-01-04 02:27:31 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009-01-04 02:27:31 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009-01-04 02:27:31 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009-01-04 02:27:31 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009-01-04 02:27:31 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009-01-04 02:27:31 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009-01-04 02:27:31 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009-01-04 02:27:31 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009-01-04 02:27:31 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009-01-04 02:27:31 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009-01-04 02:27:31 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009-01-04 02:27:30 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009-01-04 02:27:30 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009-01-04 02:27:30 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009-01-04 02:27:30 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009-01-04 02:27:30 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009-01-04 02:27:30 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009-01-04 02:27:30 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009-01-04 02:27:30 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009-01-04 02:27:28 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009-01-04 02:27:28 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009-01-04 02:27:28 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009-01-04 02:27:28 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009-01-04 02:27:27 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009-01-04 02:27:27 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009-01-04 02:27:27 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009-01-04 02:27:27 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009-01-04 02:27:27 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009-01-04 02:27:27 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009-01-04 02:27:26 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009-01-04 02:27:26 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009-01-04 02:27:26 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009-01-04 02:27:26 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009-01-04 02:27:26 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009-01-04 02:27:26 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009-01-04 02:27:25 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009-01-04 02:27:25 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009-01-04 02:27:25 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009-01-04 02:27:25 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009-01-04 02:27:25 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009-01-04 02:27:25 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009-01-04 02:27:24 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009-01-04 02:27:23 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009-01-04 02:27:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009-01-04 02:27:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009-01-04 02:27:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009-01-04 02:27:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009-01-04 02:24:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009-01-04 02:21:51 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009-01-04 02:21:51 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009-01-04 02:21:51 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009-01-04 02:21:50 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009-01-04 02:21:49 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009-01-04 02:21:49 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009-01-04 02:21:49 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009-01-04 02:21:49 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009-01-04 02:21:49 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009-01-04 02:21:49 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009-01-04 02:21:49 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009-01-04 02:21:49 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009-01-04 02:21:47 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009-01-04 02:21:47 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009-01-04 02:21:47 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009-01-04 02:21:47 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009-01-04 02:21:47 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009-01-04 02:21:46 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009-01-04 02:21:46 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009-01-04 02:21:46 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009-01-04 02:21:45 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009-01-04 02:21:45 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009-01-04 02:21:45 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009-01-04 02:15:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009-01-04 00:50:19 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\My Documents\WindowsXP-KB936929-SP3-x86-ENU.exe
[2009-01-03 23:33:35 | 21,468,81536 | -HS- | C] () -- C:\hiberfil.sys
[2009-01-03 22:50:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\AntiPJ
[2009-01-03 21:19:57 | 00,053,248 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2009-01-03 21:19:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009-01-03 21:15:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-01-03 21:15:37 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-01-03 21:15:37 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-01-03 21:15:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-01-03 21:15:37 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-01-03 21:15:37 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-01-03 21:15:37 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-01-03 21:15:37 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-01-03 21:15:37 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-01-03 21:15:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-01-03 21:15:22 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-01-03 21:15:21 | 00,388,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF11373.exe
[2009-01-03 21:15:21 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009-01-03 21:14:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2009-01-03 21:14:13 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-01-03 21:14:11 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-01-03 21:14:10 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-01-03 21:14:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
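The OTListIt2 log in this post lists scheduled-task files At1.job through At72.job under C:\WINDOWS\tasks, created in three batches of 24 within a couple of seconds each, a pattern easier to flag by script than by eye. As an added example, not part of this thread or of OTListIt2, here is a small Python parser for that listing format (the `[timestamp | size | attributes | C/M] (company) -- path` lines) that clusters At*.job creation times; the sample log it runs on is constructed to match the entries shown in this thread.

```python
import re
from datetime import datetime, timedelta

# OTListIt2 file-listing line, as pasted in this thread:
#   [YYYY-MM-DD HH:MM:SS | SS,SSS,SSS | ATTR | C] (Company) -- C:\path
# "C" marks a creation entry, "M" a modification; the company field is "()"
# when empty and absent entirely for directories.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Scheduled-task files written by the "at" service, e.g. C:\WINDOWS\tasks\At49.job
AT_JOB_RE = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)


def parse_otl_listing(text):
    """Turn OTL listing lines into dicts; section headers and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "========== Files - ... ==========" or "[4 C:\WINDOWS\*.tmp files]"
        entries.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attr": m["attr"],
            "kind": m["kind"],
            "company": (m["company"] or "").strip() or None,
            "path": m["path"],
        })
    return entries


def find_at_job_bursts(entries, gap=timedelta(seconds=5), min_count=10):
    """Group At*.job creation times into runs where consecutive entries are at most
    `gap` apart; return (first, last, count) for runs of at least `min_count`.
    Someone using "at" by hand does not schedule dozens of jobs in two seconds."""
    times = sorted(e["ts"] for e in entries
                   if e["kind"] == "C" and AT_JOB_RE.search(e["path"]))
    runs = []
    for t in times:
        if runs and t - runs[-1][-1] <= gap:
            runs[-1].append(t)
        else:
            runs.append([t])
    return [(r[0], r[-1], len(r)) for r in runs if len(r) >= min_count]


def _at_job_line(ts, n):
    # Constructed line in the shape of the thread's At*.job entries.
    return f"[{ts} | 00,000,350 | ---- | C] () -- C:\\WINDOWS\\tasks\\At{n}.job"


# Constructed sample: header and benign lines in the thread's format, plus the
# 19:26 batch At49.job..At72.job (At67 onward carry the 19:26:11 timestamp).
SAMPLE_LOG = "\n".join(
    ["========== Files - Modified Within 30 Days ==========",
     "[4 C:\\WINDOWS\\*.tmp files]",
     "[2009-01-03 21:03:45 | 02,539,400 | ---- | C] (Malwarebytes Corporation ) "
     "-- C:\\Documents and Settings\\HP_Administrator\\Desktop\\mbam-setup.exe",
     "[2009-01-03 20:45:34 | 00,000,000 | -HSD | C] -- C:\\WINDOWS\\CSC"]
    + [_at_job_line("2009-01-03 19:26:11" if n >= 67 else "2009-01-03 19:26:10", n)
       for n in range(49, 73)]
    + ["[2008-12-31 11:15:03 | 00,000,664 | ---- | C] () -- C:\\WINDOWS\\System32\\d3d9caps.dat"]
)
```

Run `find_at_job_bursts(parse_otl_listing(SAMPLE_LOG))` to get the single 24-file run; on a full log, each returned tuple is one batch of task files to look at together.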

#4 Gravity Gripp (Trusted Helper, Malware Removal, 1,815 posts)
STEP ONE
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5 pac522 (Topic Starter, New Member, 7 posts)
When I double click ComboFix it terminates, the application error box for services.exe appears, and it sends the machine into an automatic reboot with a countdown.

Microsoft Windows Recovery Console is installed on this machine, as it's an option on the operation system choice splash screen where Windows XP or Microsoft Windows Recovery Console are the choices.

Would you like for me to stop the shutdown process with the command line, shutdown /a?

Also, I may have run ComboFix in Safe Mode, as mentioned in my first post; I am not sure. I don't know if that makes a difference.

Edited by pac522, 05 January 2009 - 10:48 PM.


#6 Gravity Gripp (Trusted Helper, Malware Removal, 1,815 posts)
STEP ONE
I'd like for you to run a System File Check, make sure that you have your Windows XP CDROM in your CDROM drive before starting this process.

  • Click the Start Menu and find Run and click on it.
  • In the Run window, type sfc /scannow and press OK.
  • This will check all critical files on your system to make sure they are legit and ok.
Once this is complete, reboot and proceed to step TWO

STEP TWO
Try to re-run ComboFix and let me know the results.

Edited by Gravity Gripp, 06 January 2009 - 09:20 AM.


#7 pac522 (Topic Starter, New Member, 7 posts)
I ran sfc /scannow and this popped up:

Files that are required for Windows to run properly must be copied to the DLL Cache.

Insert your Windows XP Professional Service Pack 3 CD now

I have a Windows XP Pro CD but it's not a Service Pack 3 CD.

Edited by pac522, 06 January 2009 - 07:20 PM.


#8 Gravity Gripp (Trusted Helper, Malware Removal, 1,815 posts)
Go ahead and try with that CD and let's see what happens.

#9 pac522 (Topic Starter, New Member, 7 posts)
I tried a Windows XP Service Pack 2 CD, an old corporate Windows XP CD and a Windows XP Media Center Edition 2005 CD, and I get a "wrong CD" information box.

I need a work around.

#10 Gravity Gripp (Trusted Helper, Malware Removal, 1,815 posts)
Alright, looks like we'll have to do a Windows repair. A side consequence of this will be that you will be reverted to Service Pack 2. Once we get you clean of malware, you can update to Service Pack 3.

See the link below for instructions on how to do a Windows repair. Remember to use your Windows XP SP2 disk with this; you will also need your Windows XP CD-Key handy.

http://www.geekstogo...ws-XP-t138.html

If you have questions, please ask them.

Edited by Gravity Gripp, 07 January 2009 - 08:50 PM.


#11 pac522 (Topic Starter, New Member, 7 posts)
This machine actually came with the Windows XP Media Center Edition 2005 CD; I'm not sure what service pack is on that CD. I'll be back after the repair.

#12 pac522 (Topic Starter, New Member, 7 posts)
Gravity Gripp, I went through the steps of repairing Windows. Of course this proprietary piece of crap HP had no installation disk, but I had the same version from my Dell laptop, so no foul, no problem, right? Nope, it went through the process as if it were loading files, with the status bar reaching 100%, and then kicks me out saying there was a problem and it couldn't repair Windows; this was due to some sort of internal error (can't remember what), hit F3 to reboot.

So I hit F3, I don't take out the CD, it asks me if I want to boot from CD, I just let it go by not pressing any key. I get to the OS splash screen with XP or recovery console as the choices, I choose XP and it goes right into a fresh install of Windows, or what looks like a fresh install. I know from prior repairs of Windows that when it goes through the process it looks like an install but I also know it said it couldn't repair it, so if it is a fresh install I'm not worried about it at this point as there is nothing I can do about it now and I'll just have to look forward to wasting another 20 hours of my life hunting down all the software and programs I had installed.

Now here is when the proprietary crap kicks in: it won't take any Windows key. Not the one on the side of the box, even though it's the same version. So I try the one off my Dell just out of curiosity and it won't work, even though it's the same Media Center version. So I have to wind up blowing away the box from the recovery partition.

And I know HP wants you to create recovery disks from a program they have installed on first-time boot of the machine, but I never made them, thinking I could just repair Windows the way I always have, with an actual Windows disk.

So suffice it to say the machine is now malware, spyware and virus free. LOL. Thanks for all your time and sorry we didn't get a chance to kick this thing in the butt, HP had other ideas. Note to self, make recovery disks.

Again thanks.

#13 Gravity Gripp (Trusted Helper, Malware Removal, 1,815 posts)
Sorry to hear you had to end up formatting, I always hate when a user has to do that. In any case, I'm glad your problem is resolved. Let me just give you some closing words here and we can call this one resolved.

And lastly, just some information for you. The following is a list of articles and tools that I like to recommend to people before they head out.

First, and most importantly, is to keep your PC up-to-date with the latest patches from Microsoft. Make sure that you have auto updates turned on also. You will be informed if it is turned on or off when you visit the website below.

Next, I'd like to discuss malware prevention with you. As I said, the first step is to keep Windows up-to-date, but that isn't always enough. You also have to be aware of the sites you visit. Questionable and illegal sites almost always try to infect your machine. Even if you have anti-virus and a firewall, you can still get infected from these sites. It's best to just avoid them altogether.

Also, when surfing the web, be careful of popups and do NOT click on a popup. If you get a popup for anti-virus or anti-spyware software, NEVER download it and NEVER buy it; it is nothing more than just more spyware. Also, these are a couple of great programs to help prevent malware infections. Instead of being reactive they are proactive.

While discussing browsing habits, I like to recommend to everyone to use an alternate web browser called Mozilla Firefox. My personal feeling is that Internet Explorer just doesn't fit the bill when it comes to security. I have been using Firefox for several years now and have never had issues with it.

Another avenue for malware in recent years has been Peer-To-Peer (P2P) applications; programs like Kazaa, Limewire, and even BitTorrent programs can spread malware. You have to be very wary of what you download from these applications, as a lot of the time they are infected also. Here is a very good article from Microsoft about the dangers of P2P.

Now, every now and again the Windows operating system just gets slow and needs to be cleaned up. The following is an article by Miekiemoes that gives very good information on how to speed up your PC when it's not malware related.

Also, I would just like to thank you for coming by Geeks-To-Go and I'm glad we could lend you a hand. :)