RAM being drained [Solved]


  • This topic is locked

#1
hotshotvz

  • Member
  • 73 posts
My RAM is being drained. wuauclt at 68000K, svchost at 32000K, explorer at 30000K, IE at 40000K. Here is my HijackThis log, along with a log from a ComboFix scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:53 AM, on 1/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218484776562
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4423 bytes


ComboFix 09-01-21.04 - Compaq_Administrator 2009-01-29 22:42:11.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.605 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.

2009-01-21 13:39 . 2009-01-21 13:39 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-21 13:34 . 2009-01-21 13:35 <DIR> d-------- c:\program files\ERUNT
2009-01-19 22:16 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-19 22:16 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\dllcache\mouhid.sys
2009-01-19 22:16 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-19 22:16 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\dllcache\hidusb.sys
2009-01-19 02:40 . 2009-01-19 02:40 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-17 00:38 . 2009-01-17 00:38 <DIR> d-------- c:\documents and settings\Compaq_Administrator\.netbeans-registration
2009-01-17 00:38 . 2009-01-17 00:44 <DIR> d-------- c:\documents and settings\Compaq_Administrator\.netbeans
2009-01-17 00:31 . 2009-01-19 02:38 <DIR> d-------- c:\documents and settings\Compaq_Administrator\.nbi
2009-01-16 16:48 . 2009-01-16 16:48 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\JCreator
2009-01-16 16:48 . 2009-01-16 16:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\JCreator
2009-01-16 00:26 . 2009-01-19 02:35 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-08 11:47 . 2009-01-08 11:47 0 --a------ c:\windows\VDM40.tmp
2009-01-08 11:47 . 2009-01-08 11:47 0 --a------ c:\windows\VDM3F.tmp
2009-01-06 22:12 . 2009-01-27 15:30 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-05 00:29 . 2009-01-05 00:29 0 --a------ c:\windows\VDMEF.tmp
2009-01-05 00:29 . 2009-01-05 00:29 0 --a------ c:\windows\VDMEE.tmp
2009-01-05 00:09 . 2009-01-05 00:09 0 --a------ c:\windows\VDMEB.tmp
2009-01-05 00:09 . 2009-01-05 00:09 0 --a------ c:\windows\VDMEA.tmp
2009-01-05 00:09 . 2009-01-05 00:09 0 --a------ c:\windows\VDME7.tmp
2009-01-05 00:09 . 2009-01-05 00:09 0 --a------ c:\windows\VDME6.tmp
2009-01-04 23:37 . 2009-01-06 16:39 220 --a------ c:\windows\WARFARE.INI
2009-01-04 23:37 . 2009-01-04 23:37 0 --a------ c:\windows\VDME3.tmp
2009-01-04 23:37 . 2009-01-04 23:37 0 --a------ c:\windows\VDME2.tmp
2008-12-29 11:36 . 2008-12-29 11:37 754 --a------ c:\windows\WORDPAD.INI
2008-12-27 00:40 . 2008-12-27 00:40 <DIR> d-------- c:\program files\Click 'N Burn CD & DVD
2008-12-22 14:34 . 2008-12-22 15:09 <DIR> d-------- C:\SEEK
2008-12-22 13:43 . 2008-12-22 13:43 <DIR> d-------- c:\program files\You Don't Know Jack
2008-12-22 13:43 . 1996-05-09 13:53 34,800 --a------ c:\windows\UNWISE.EXE
2008-12-21 00:40 . 2007-05-30 07:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-12-20 14:10 . 2008-12-20 14:10 <DIR> d-------- c:\program files\Common Files\SureThing Shared
2008-12-20 14:05 . 2008-12-20 14:05 <DIR> d-------- c:\program files\Common Files\TiVo Shared
2008-12-18 14:17 . 2008-12-18 14:18 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-17 16:26 . 2008-12-17 16:26 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-12 13:43 . 2008-12-12 13:43 <DIR> d-------- c:\program files\Common Files\DFX
2008-12-11 15:04 . 2009-01-19 22:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-11 15:04 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 15:04 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 00:27 . 2008-12-10 00:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-06 11:18 . 2008-12-17 16:26 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-03 20:32 . 2008-12-03 22:10 <DIR> d-------- c:\program files\Common Files\wsm
2008-12-03 20:03 . 2008-12-14 16:08 <DIR> d----c--- c:\windows\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 03:40 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-19 07:39 --------- d-----w c:\program files\Java
2009-01-19 03:17 --------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\LimeWire
2008-12-28 22:23 --------- d-----w c:\program files\Common Files\Sierra On-Line
2008-12-20 19:10 --------- d-----w c:\program files\Sonic
2008-12-20 19:10 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-12-20 18:31 --------- d-----w c:\program files\HP
2008-12-17 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 19:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 01:55 --------- d-----w c:\program files\Maxis
2008-12-14 21:15 --------- d-----w c:\program files\MSECache
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 18:43 --------- d-----w c:\program files\DFX
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-29 21:32 --------- d-----w c:\program files\SimTheme Park
2008-11-29 18:48 --------- d-----w c:\program files\_uninstallation_info
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-23 01:18 47,184 -c--a-w c:\documents and settings\Compaq_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2007-05-03 08:18 167 -c--a-w c:\documents and settings\Compaq_Administrator\5432.bat
2007-02-01 20:34 650 -c--a-w c:\program files\YGO Virtual Desktop V086.exe
2007-02-01 19:55 142,117 -c--a-w c:\program files\YVDCSF6.zip
2006-07-09 20:02 0 -c--a-w c:\documents and settings\Compaq_Administrator\Application Data\internaldb41.dat
2006-07-01 01:13 0 -c--a-w c:\documents and settings\Compaq_Administrator\Application Data\wklnhst.dat
2008-08-11 21:25 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081120080812\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-17 136600]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 22:44:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-29 22:46:00
ComboFix-quarantined-files.txt 2009-01-30 03:45:30

Pre-Run: 210,911,866,880 bytes free
Post-Run: 210,896,904,192 bytes free

178 --- E O F --- 2009-01-20 16:11:25

#2
Jimmy2012

  • Trusted Helper
  • Retired Staff
  • 6,238 posts
Hello hotshotvz,
Sorry about the delay.

You should not use tools like ComboFix unless a trained helper asks you to. It can be dangerous running it yourself.

Let's get a fresh look at your computer.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#3
hotshotvz

  • Topic Starter
  • Member
  • 73 posts
Hi,

You don't have to apologize for the delay. I understand that you're helping a lot of other people. Here are the two logs you requested, and I look forward to working with you. Mike.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Administrator at 2009-02-04 19:02:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 208 GB (90%) free of 231 GB
Total RAM: 958 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:39 PM, on 2/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus® for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1218484776562
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4780 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-17 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-17 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-01-24 544768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-17 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall getPlus® for Adobe"=C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-08 46080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2009-02-04 19:02:30 ----D---- C:\rsit
2009-02-04 13:33:19 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-04 13:26:22 ----D---- C:\WINDOWS\LastGood
2009-02-02 23:02:04 ----N---- C:\WINDOWS\system32\iyvu9_32.dll
2009-02-02 23:02:04 ----N---- C:\WINDOWS\system32\iacenc.dll
2009-02-01 16:08:58 ----D---- C:\Program Files\LimeWire
2009-01-31 15:28:30 ----D---- C:\Documents and Settings\All Users\Application Data\1E308
2009-01-31 15:28:13 ----D---- C:\Documents and Settings\All Users\Application Data\D23D
2009-01-31 15:28:01 ----D---- C:\Documents and Settings\All Users\Application Data\125C
2009-01-31 15:26:48 ----D---- C:\Documents and Settings\All Users\Application Data\30356
2009-01-30 00:24:32 ----A---- C:\WINDOWS\gmer.ini
2009-01-30 00:24:30 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-30 00:24:30 ----A---- C:\WINDOWS\gmer.exe
2009-01-30 00:24:30 ----A---- C:\WINDOWS\gmer.dll
2009-01-29 22:54:32 ----D---- C:\ComboFix
2009-01-29 22:50:28 ----SHD---- C:\RECYCLER
2009-01-29 22:46:02 ----D---- C:\WINDOWS\temp
2009-01-29 22:46:01 ----A---- C:\ComboFix.txt
2009-01-21 13:34:59 ----D---- C:\Program Files\ERUNT
2009-01-21 13:33:10 ----D---- C:\WINDOWS\pss
2009-01-21 11:45:51 ----A---- C:\WINDOWS\system32\tmp.txt
2009-01-19 02:40:27 ----D---- C:\Program Files\ORKTools
2009-01-16 16:48:51 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\JCreator
2009-01-16 16:48:51 ----D---- C:\Documents and Settings\All Users\Application Data\JCreator
2009-01-16 00:26:50 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-13 15:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-08 11:47:35 ----A---- C:\WINDOWS\VDM40.tmp
2009-01-08 11:47:35 ----A---- C:\WINDOWS\VDM3F.tmp
2009-01-06 22:12:16 ----D---- C:\Program Files\SpywareBlaster
2009-01-05 00:29:28 ----A---- C:\WINDOWS\VDMEF.tmp
2009-01-05 00:29:28 ----A---- C:\WINDOWS\VDMEE.tmp
2009-01-05 00:09:39 ----A---- C:\WINDOWS\VDMEB.tmp
2009-01-05 00:09:39 ----A---- C:\WINDOWS\VDMEA.tmp
2009-01-05 00:09:24 ----A---- C:\WINDOWS\VDME7.tmp
2009-01-05 00:09:24 ----A---- C:\WINDOWS\VDME6.tmp
2009-01-04 23:37:36 ----A---- C:\WINDOWS\WARFARE.INI
2009-01-04 23:37:35 ----A---- C:\WINDOWS\VDME3.tmp
2009-01-04 23:37:35 ----A---- C:\WINDOWS\VDME2.tmp
2008-12-29 11:36:49 ----A---- C:\WINDOWS\WORDPAD.INI
2008-12-27 00:40:04 ----D---- C:\Program Files\Click 'N Burn CD & DVD
2008-12-22 14:34:45 ----D---- C:\SEEK
2008-12-22 13:43:06 ----D---- C:\Program Files\You Don't Know Jack
2008-12-22 13:43:06 ----A---- C:\WINDOWS\UNWISE.EXE
2008-12-18 14:17:54 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-17 14:17:16 ----D---- C:\WINDOWS\ERDNT
2008-12-12 13:43:17 ----D---- C:\Program Files\Common Files\DFX
2008-12-11 15:04:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-11 00:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 00:04:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 00:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 00:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 00:27:53 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-06 11:18:21 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-06 11:18:21 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-06 11:18:21 ----A---- C:\WINDOWS\system32\java.exe
2008-12-06 11:18:21 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 2 months======

2009-02-04 19:02:28 ----D---- C:\WINDOWS\Prefetch
2009-02-04 13:54:51 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-02-04 13:33:21 ----SHD---- C:\WINDOWS\Installer
2009-02-04 13:33:21 ----SHD---- C:\Config.Msi
2009-02-04 13:33:19 ----D---- C:\Program Files\Common Files
2009-02-04 13:32:50 ----D---- C:\Program Files\Common Files\Adobe
2009-02-04 13:32:34 ----D---- C:\Program Files\Adobe
2009-02-04 13:32:26 ----D---- C:\WINDOWS\system32
2009-02-04 13:26:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-04 13:26:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-04 13:26:22 ----D---- C:\WINDOWS
2009-02-04 13:26:20 ----D---- C:\Program Files\NOS
2009-02-04 13:17:49 ----D---- C:\WINDOWS\Registration
2009-02-04 13:16:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-03 17:29:39 ----D---- C:\Program Files
2009-02-01 16:34:11 ----AC---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt
2009-02-01 16:09:37 ----D---- C:\WINDOWS\system32\config
2009-02-01 16:09:13 ----D---- C:\WINDOWS\system32\wbem
2009-01-30 00:32:49 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-30 00:24:30 ----D---- C:\WINDOWS\system32\drivers
2009-01-29 22:54:49 ----SHD---- C:\System Volume Information
2009-01-29 22:54:49 ----D---- C:\WINDOWS\system32\Restore
2009-01-29 22:44:18 ----A---- C:\WINDOWS\system.ini
2009-01-29 22:43:35 ----D---- C:\WINDOWS\AppPatch
2009-01-29 22:40:06 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-27 17:47:54 ----D---- C:\WINDOWS\Help
2009-01-27 17:45:02 ----HD---- C:\WINDOWS\inf
2009-01-22 22:26:21 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-01-19 22:16:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-19 02:40:36 ----D---- C:\WINDOWS\system
2009-01-19 02:39:19 ----D---- C:\Program Files\Java
2009-01-18 22:17:52 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire
2009-01-13 15:11:48 ----A---- C:\WINDOWS\imsins.BAK
2009-01-13 15:11:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-06 22:59:42 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla
2009-01-04 23:37:13 ----A---- C:\WINDOWS\win.ini
2008-12-28 17:24:28 ----AC---- C:\WINDOWS\SIERRA.INI
2008-12-28 17:23:13 ----D---- C:\Program Files\Common Files\Sierra On-Line
2008-12-28 00:17:55 ----A---- C:\WINDOWS\yahtzee.ini
2008-12-20 14:10:40 ----HD---- C:\hp
2008-12-20 14:10:39 ----A---- C:\WINDOWS\WININIT.INI
2008-12-20 14:10:32 ----D---- C:\Program Files\Sonic
2008-12-20 14:10:16 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-20 14:05:41 ----RSD---- C:\WINDOWS\Fonts
2008-12-20 13:31:33 ----D---- C:\Program Files\HP
2008-12-20 13:31:31 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-17 14:25:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 14:16:06 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 21:40:08 ----D---- C:\Python22
2008-12-14 20:59:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-14 20:55:25 ----D---- C:\Program Files\Maxis
2008-12-14 16:15:24 ----D---- C:\Program Files\MSECache
2008-12-14 16:08:24 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 13:43:21 ----D---- C:\Program Files\DFX
2008-12-11 00:05:18 ----D---- C:\Program Files\Internet Explorer
2008-12-10 00:32:18 ----SD---- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft
2008-12-10 00:27:44 ----D---- C:\WINDOWS\WinSxS
2008-12-10 00:27:44 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-08 1235968]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 923863]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-30 85969]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 16896]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-08 376832]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-09-28 195584]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-06-21 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-17 152984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-04 19:02:41

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Click 'N Burn CD & DVD-->"C:\Program Files\Click 'N Burn CD & DVD\unins000.exe"
Compaq Multimedia Keyboard Software-->C:\HP\KBD\KBD.EXE uninstalled
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DFX for Windows Media Player-->C:\Program Files\DFX\uninstall_WMP.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hoyle Card Games 5-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Card Games 5\Uninst.isu"
Hoyle Casino 6-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Casino 6\Uninst.isu"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet 5400 series-->C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP DigitalMedia Archive-->MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Extended Capabilities 5.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Office 2003 Tour-->MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}
PC-Doctor 5 for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)-->C:\WINDOWS\$NtUninstallMC05Upd1$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahtzee-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL2.isu
YOU DON'T KNOW JACK-->C:\PROGRA~1\YOUDON~1\uninstal.exe

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\32 road.exe
O4 - HKCU\..\Run: [base hope] C:\DOCUME~1\COMPAQ~1\APPLIC~1\OPENTH~1\Up peak.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [MbarInstall] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\tem26B4.tmp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKCU\..\Run: [BearSharePersonalization] "C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe"
O2 - BHO: BearSharePersonalization - {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1053.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O4 - HKLM\..\Run: [SMrhctr7j0erfe] C:\Program Files\rhctr7j0erfe\rhctr7j0erfe.exe
O4 - HKLM\..\Run: [lphcpr7j0erfe] C:\WINDOWS\system32\lphcpr7j0erfe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O3 - Toolbar: nqgpedlr - {E4E8B8EA-E4C9-4DCD-B90D-AD89191AC2E5} - C:\WINDOWS\nqgpedlr.dll
O20 - Winlogon Notify: nnnmjkJB - C:\WINDOWS\SYSTEM32\nnnmjkJB.dll
O2 - BHO: QXK Olive - {EB464DAF-ACC6-4E6A-B606-9576B62C014C} - C:\WINDOWS\kgqfwelttqo.dll
O2 - BHO: (no name) - {AE99EB12-A2D7-42D7-8BC2-754431199E2F} - C:\WINDOWS\system32\nnnmjkJB.dll
O21 - SSODL: axrfgvek - {0E2DE4CA-3F9D-48C3-BA3B-6B95397171AC} - C:\WINDOWS\axrfgvek.dll
O21 - SSODL: okmdepgb - {33D57F10-FAE5-45B6-9E3C-2025E7F7A698} - C:\WINDOWS\okmdepgb.dll
O2 - BHO: (no name) - {AE99EB12-A2D7-42D7-8BC2-754431199E2F} - C:\WINDOWS\system32\nnnmjkJB.dll
O20 - Winlogon Notify: nnnmjkJB - C:\WINDOWS\SYSTEM32\nnnmjkJB.dll
O4 - HKLM\..\Run: [5cfd4d02] rundll32.exe "C:\WINDOWS\system32\ptwewemn.dll",b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://mywebcast.cc/tvants/tvants.cab
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: HP Image Zone

#4
Jimmy2012


    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello,

Your RSIT info.txt log got cut off; please re-post it in your next reply. The file can be found here: C:\rsit\info.txt. All you need to do is open up info.txt and copy/paste the text inside in your next reply.

#5
hotshotvz


    Member

  • Topic Starter
  • Member
  • 73 posts
Hey again. Sorry about that. I should have paid more attention to it. Here is the info.txt that you requested. Mike.

info.txt logfile of random's system information tool 1.05 2009-02-04 19:02:41

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Click 'N Burn CD & DVD-->"C:\Program Files\Click 'N Burn CD & DVD\unins000.exe"
Compaq Multimedia Keyboard Software-->C:\HP\KBD\KBD.EXE uninstalled
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DFX for Windows Media Player-->C:\Program Files\DFX\uninstall_WMP.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hoyle Card Games 5-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Card Games 5\Uninst.isu"
Hoyle Casino 6-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Casino 6\Uninst.isu"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet 5400 series-->C:\Program Files\HP\Digital Imaging\{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP DigitalMedia Archive-->MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Extended Capabilities 5.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Office 2003 Tour-->MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}
PC-Doctor 5 for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
RollerCoaster Tycoon 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)-->C:\WINDOWS\$NtUninstallMC05Upd1$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahtzee-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL2.isu
YOU DON'T KNOW JACK-->C:\PROGRA~1\YOUDON~1\uninstal.exe

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\32 road.exe
O4 - HKCU\..\Run: [base hope] C:\DOCUME~1\COMPAQ~1\APPLIC~1\OPENTH~1\Up peak.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [MbarInstall] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\tem26B4.tmp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKCU\..\Run: [BearSharePersonalization] "C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe"
O2 - BHO: BearSharePersonalization - {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1053.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O4 - HKLM\..\RunOnce: [Need2FindBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O8 - Extra context menu item: &Search - http://kl.bar.need2f...earch.html?p=KL
O4 - HKLM\..\Run: [SMrhctr7j0erfe] C:\Program Files\rhctr7j0erfe\rhctr7j0erfe.exe
O4 - HKLM\..\Run: [lphcpr7j0erfe] C:\WINDOWS\system32\lphcpr7j0erfe.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O3 - Toolbar: nqgpedlr - {E4E8B8EA-E4C9-4DCD-B90D-AD89191AC2E5} - C:\WINDOWS\nqgpedlr.dll
O20 - Winlogon Notify: nnnmjkJB - C:\WINDOWS\SYSTEM32\nnnmjkJB.dll
O2 - BHO: QXK Olive - {EB464DAF-ACC6-4E6A-B606-9576B62C014C} - C:\WINDOWS\kgqfwelttqo.dll
O2 - BHO: (no name) - {AE99EB12-A2D7-42D7-8BC2-754431199E2F} - C:\WINDOWS\system32\nnnmjkJB.dll
O21 - SSODL: axrfgvek - {0E2DE4CA-3F9D-48C3-BA3B-6B95397171AC} - C:\WINDOWS\axrfgvek.dll
O21 - SSODL: okmdepgb - {33D57F10-FAE5-45B6-9E3C-2025E7F7A698} - C:\WINDOWS\okmdepgb.dll
O2 - BHO: (no name) - {AE99EB12-A2D7-42D7-8BC2-754431199E2F} - C:\WINDOWS\system32\nnnmjkJB.dll
O20 - Winlogon Notify: nnnmjkJB - C:\WINDOWS\SYSTEM32\nnnmjkJB.dll
O4 - HKLM\..\Run: [5cfd4d02] rundll32.exe "C:\WINDOWS\system32\ptwewemn.dll",b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...arm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://mywebcast.cc/tvants/tvants.cab
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} -
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/b...lineScanner.cab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

System event log

Computer Name: YOUR-B27FB1C401
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 14574
Source Name: Service Control Manager
Time Written: 20081220132723.000000-300
Event Type: information
User:

Computer Name: YOUR-B27FB1C401
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 14573
Source Name: Service Control Manager
Time Written: 20081220132723.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-B27FB1C401
Event Code: 7035
Message: The COM+ System Application service was successfully sent a start control.

Record Number: 14572
Source Name: Service Control Manager
Time Written: 20081220132723.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-B27FB1C401
Event Code: 7036
Message: The Fast User Switching Compatibility service entered the running state.

Record Number: 14571
Source Name: Service Control Manager
Time Written: 20081220132723.000000-300
Event Type: information
User:

Computer Name: YOUR-B27FB1C401
Event Code: 7035
Message: The Fast User Switching Compatibility service was successfully sent a start control.

Record Number: 14570
Source Name: Service Control Manager
Time Written: 20081220132723.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: YOUR-B27FB1C401
Event Code: 454
Message: wuauclt (3492) Database recovery/restore failed with unexpected error -551.

Record Number: 6015
Source Name: ESENT
Time Written: 20080805170924.000000-240
Event Type: error
User:

Computer Name: YOUR-B27FB1C401
Event Code: 454
Message: wuauclt (912) Database recovery/restore failed with unexpected error -551.

Record Number: 6014
Source Name: ESENT
Time Written: 20080805170924.000000-240
Event Type: error
User:

Computer Name: YOUR-B27FB1C401
Event Code: 454
Message: wuauclt (1556) Database recovery/restore failed with unexpected error -551.

Record Number: 6013
Source Name: ESENT
Time Written: 20080805170923.000000-240
Event Type: error
User:

Computer Name: YOUR-B27FB1C401
Event Code: 454
Message: wuauclt (1524) Database recovery/restore failed with unexpected error -551.

Record Number: 6012
Source Name: ESENT
Time Written: 20080805170923.000000-240
Event Type: error
User:

Computer Name: YOUR-B27FB1C401
Event Code: 454
Message: wuauclt (3848) Database recovery/restore failed with unexpected error -551.

Record Number: 6011
Source Name: ESENT
Time Written: 20080805170923.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

#6
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello hotshotvz,
No problem. :)




I did not see any anti-virus software on your computer. Without any anti-virus software you can get a virus more easily. I recommend that you download an anti-virus program. Here are two to choose from (both of them are free).
AntiVir
AVG
Out of these two I would recommend AntiVir. Please only install one anti-virus on your computer at a time. Running more than one at a time can cause conflicts and can also slow your computer down. If you need any help installing one please let me know.

Please download DirLook by jpshortstuff from here.
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    C:\Documents and Settings\All Users\Application Data\1E308
    C:\Documents and Settings\All Users\Application Data\D23D
    C:\Documents and Settings\All Users\Application Data\125C
    C:\Documents and Settings\All Users\Application Data\30356
  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)
Note: Scanning may take longer for large folders.

#7
hotshotvz

    Member

  • Topic Starter
  • 73 posts
Jimmy2012,

I ran the scan exactly as you requested and the log is below. As for the anti-virus, I've actually tried Avira. I didn't like the pop-ups from it and the user interface was very confusing. I'm going to try AVG if that's okay. Mike

DirLook.exe v2.0 by jpshortstuff
Log created at 00:10 on 05/02/2009
==================================
Contents of "C:\Documents and Settings\All Users\Application Data\1E308"

---FOLDERS---

(none found)

---FILES---

{F050013C-7946-4CE4-84BB-BA7FA749223B}.swf (2242 bytes - created on 31/01/2009 at 20:28, modified on 01/12/2008 at 16:12) --a---

==================================
Contents of "C:\Documents and Settings\All Users\Application Data\D23D"

---FOLDERS---

(none found)

---FILES---

{AB6DE62B-ED02-40C3-9757-B27B4103BCD0}.swf (2242 bytes - created on 31/01/2009 at 20:28, modified on 01/12/2008 at 16:12) --a---

==================================
Contents of "C:\Documents and Settings\All Users\Application Data\125C"

---FOLDERS---

(none found)

---FILES---

{7890ACC4-F740-40A6-BF30-2F9B90C4FB16}.swf (2242 bytes - created on 31/01/2009 at 20:28, modified on 01/12/2008 at 16:12) --a---

==================================
Contents of "C:\Documents and Settings\All Users\Application Data\30356"

---FOLDERS---

(none found)

---FILES---

{6A60A0CC-F850-4066-9AED-34CBC387B866}.swf (2242 bytes - created on 31/01/2009 at 20:26, modified on 01/12/2008 at 16:12) --a---

==================================
=EOF=

Edited by hotshotvz, 04 February 2009 - 11:15 PM.


#8
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello hotshotvz,

I'm going to try AVG if that's okay.

That's fine. :)





  • Please start Malwarebytes' Anti-Malware and update it.
  • To update please do this, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~~~~
In your next reply please have these logs.
The Malwarebytes log
And the Kaspersky log

#9
hotshotvz

    Member

  • Topic Starter
  • 73 posts
Jimmy2012,

I ran the MBAM as you requested, and the log is below. I thought I would let you in on a few complications. First off, I could not get the Kaspersky page to load. Every time I clicked your link, it would close my IE browser. I also tried going to the virus scanner by starting from the main page, www.kaspersky.com. When I reached the link to begin free scan, it also closed out my browser. The last time I had a rootkit, the exact same thing occurred. It wouldn't let me access Kaspersky, on IE or Firefox. I ended up having to use a different online scanner. Second off, I've noticed a new process running on task manager. It is labelled as System, the user name is SYSTEM, and the Mem Usage is 61,196K, and it's been like this since last night. I hope these details help you out. I look forward to hearing from you soon. Mike

Malwarebytes' Anti-Malware 1.33
Database version: 1733
Windows 5.1.2600 Service Pack 3

2/5/2009 10:14:09 PM
mbam-log-2009-02-05 (22-14-09).txt

Scan type: Quick Scan
Objects scanned: 58358
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10
Jimmy2012

Hello hotshotvz,

"I ended up having to use a different online scanner."

Let's try something else first. :)

"It is labelled as System, the user name is SYSTEM, and the Mem Usage is 61,196K"

I have the same thing on mine, it is safe. The only thing different on mine is that it is not taking up that much usage.




Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

#11
hotshotvz

Jimmy2012,

I ran the GMER scan as you requested, and the log is below. I look forward to hearing from you soon. Mike.

Update: I posted the earlier statement at 12:31am. As of writing this update, the time is 1:57am, and I just looked at TaskManager. I now have 21 processes running at least at 15,000K (2 of which at 22,000K, 2 of which at 30,000K, 1 at 48,000K, and 1 at 61,000K). Only IE is using a fraction of CPU, like 2-3%, all of the others are at 0% CPU. I have no clue what is happening and I've never even seen numbers like that before. I think I'm going to leave my computer alone until I hear from you again. I just thought I'd let you know what is happening and I appreciate all of your help thus far. If I can be of any service to you, I'll gladly do it. Thanks again. Mike.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-06 00:28:50
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

Edited by hotshotvz, 06 February 2009 - 01:04 AM.
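
A small triage helper for the Devices section of a GMER log like the one posted above, added here as an illustration and not part of the original thread or of GMER itself: it groups each AttachedDevice module by the device it is attached to and marks vendors that are not on an analyst-supplied list. The line layout is inferred from the log above; `KNOWN_VENDORS` and the `example.sys` line are assumptions made for the example.

```python
import re
from collections import defaultdict

# Four lines copied from the Devices section of the GMER log above, plus one
# constructed line (example.sys, no description/vendor) to exercise the fallback.
GMER_LOG = r"""
---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp example.sys

---- EOF - GMER 1.0.14 ----
"""

# Layout assumed from the lines above:
#   AttachedDevice <driver> <device> <module> (<description>/<vendor>)
# The parenthesised part is optional so lines without it still parse.
LINE_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>\S+)"
    r"(?:\s+\((?P<description>.*)/(?P<vendor>[^/]*)\))?\s*$"
)

# Hypothetical allowlist: vendors the analyst expects on this machine.
KNOWN_VENDORS = {"Microsoft Corporation", "AVG Technologies CZ, s.r.o."}


def parse_attached_devices(text):
    """Return one dict per AttachedDevice line; every other line is skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(entries, known_vendors):
    """Group modules by the device they attach to, in log order.

    A vendor name in a log is only a text label: "known" means it matched the
    analyst's list, and "review" means look the module up, nothing more.
    """
    stacks = defaultdict(list)
    for entry in entries:
        status = "known" if entry["vendor"] in known_vendors else "review"
        stacks[entry["device"]].append((entry["module"], entry["vendor"], status))
    return dict(stacks)


if __name__ == "__main__":
    report = triage(parse_attached_devices(GMER_LOG), KNOWN_VENDORS)
    for device, modules in report.items():
        print(device)
        for module, vendor, status in modules:
            print(f"  [{status:6}] {module}  ({vendor or 'no vendor listed'})")
```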

#12
Jimmy2012

Hello hotshotvz,

"I now have 21 processes running at least at 15,000K"

Right before this problem started, did you install anything new?



Please try this scanner.



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

#13
hotshotvz

Jimmy2012,

I ran the scan as you instructed, and the log is below. As for your question, when I was trying to get Kaspersky to work, I installed Firefox to see if I could get it to work on that browser, but to no avail. Other than what you have instructed me to download and run, Firefox is the only thing I have installed on my computer since I've been working with you. After I posted the MBAM log, I opened Freecell on Windows to play until your next post. When you instructed me to use GMER, I wrote down the instruction on paper, closed out Freecell and IE so that I could run GMER without anything else being run at the same time. After I ran GMER, I reopened IE to post the log and left the forums up until your next post. When I went to bed at 2am, I checked TaskManager to see if anything else appeared and that's when I noticed everything running at absurd levels. I hope these details help you. If there is anything else you need to know, please feel free to ask. I look forward to hearing from you soon. Mike.

Scanning Report
Friday, February 06, 2009 13:23:40 - 14:16:36
Computer name: YOUR-B27FB1C401
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 1 malware found
TrackingCookie.Revsci (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 41102
System: 3379
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EE77B0FDD1F6B8EB5DC208B050708D53_46F753BC-1D70-4E73-A061-AC88C34F9649
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FEDA75EAB8301F258A044718D2F4A99E_46F753BC-1D70-4E73-A061-AC88C34F9649

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Hydra: 3.6.8511, 2009-02-06
F-Secure AVP: 7.0.171, 2009-02-06
F-Secure Pegasus: 1.20.0, 1969-11-31
F-Secure Blacklight: 0.0.0
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

#14
Jimmy2012

Hello hotshotvz,

Please try the following, let's try to get a deeper look at your computer. :)




Before running a new scan let's clean out the temporary folders.


Download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:

  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:

  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Check the Radio button for Rootkit check YES
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Lop Check
    • File - Purity Scan
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it back.
Use the Add Reply button and attach the file in your next post.

#15
hotshotvz

Jimmy2012,

I ran the scan as you requested, and the log is below. I look forward to hearing from you again. Mike

[code=auto:0]OTScanIt2 logfile created on: 2/6/2009 10:14:46 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop\OTScanIt2
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 550.68 Mb Available Physical Memory | 57.45% Memory free
2.26 Gb Paging File | 1.95 Gb Available in Paging File | 86.25% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.36 Gb Total Space | 202.50 Gb Free Space | 89.86% Space Free | Partition Type: NTFS
Drive D: | 7.51 Gb Total Space | 0.96 Gb Free Space | 12.85% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-B27FB1C401
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
alcxmntr.exe -> %SystemRoot%\ALCXMNTR.EXE -> [2004/09/07 15:47:52 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/06/08 00:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/06/08 00:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.)
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> [2005/06/08 06:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
avgcsrvx.exe -> %ProgramFiles%\AVG\AVG8\avgcsrvx.exe -> [2009/02/05 00:19:11 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> %ProgramFiles%\AVG\AVG8\avgnsx.exe -> [2009/02/05 00:19:12 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> [2009/02/05 00:19:12 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/02/05 00:19:09 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2004/08/10 21:04:36 | 00,045,568 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> %SystemRoot%\ehome\ehRecvr.exe -> [2004/09/28 10:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation)
ehsched.exe -> %SystemRoot%\ehome\ehSched.exe -> [2004/08/10 21:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2004/08/10 21:04:42 | 00,059,392 | ---- | M] (Microsoft Corporation)
hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> [1998/05/07 11:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company)
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/17 16:26:01 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> [2005/02/02 18:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company)
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2005/06/21 08:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M] (OldTimer Tools)
sm56hlpr.exe -> %SystemRoot%\sm56hlpr.exe -> [2005/01/24 04:56:00 | 00,544,768 | ---- | M] (Motorola Inc.)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2004/08/10 21:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2005/06/08 00:38:32 | 00,376,832 | ---- | M] (ATI Technologies Inc.)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> [2009/02/05 00:19:09 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehRecvr.exe -> [2004/09/28 10:33:52 | 00,195,584 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehSched.exe -> [2004/08/10 21:04:42 | 00,102,912 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 12:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/17 16:26:01 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2005/06/21 08:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/20 08:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\mhn.dll -> [2004/08/10 21:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2004/08/10 21:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2005/04/20 13:00:56 | 02,317,696 | ---- | M] (Realtek Semiconductor Corp.)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2005/03/09 16:53:00 | 00,036,352 | ---- | M] (Advanced Micro Devices)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2005/06/08 00:44:36 | 01,235,968 | ---- | M] (ATI Technologies Inc.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2009/02/05 00:19:23 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2009/02/05 00:19:21 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2009/02/05 00:19:30 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.)
(bb-run) Promise driver accelerator [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\bb-run.sys -> [2003/11/05 17:45:12 | 00,017,408 | ---- | M] (Promise Technology, Inc.)
(ftsata2) ftsata2 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ftsata2.sys -> [2005/04/14 23:12:12 | 00,175,616 | ---- | M] (Promise Technology, Inc.)
(gmer) gmer [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gmer.sys -> [2009/01/30 00:24:30 | 00,085,969 | ---- | M] (GMER)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2005/10/21 18:58:52 | 00,049,920 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2005/10/21 18:58:58 | 00,016,496 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2005/03/08 06:52:28 | 00,021,744 | ---- | M] (HP)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> [2005/03/09 20:09:18 | 00,870,912 | ---- | M] (Intel Corporation)
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ltmdmnt.sys -> [2004/08/04 07:41:36 | 00,606,684 | ---- | M] (LT)
(MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001/08/17 22:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation)
(Ps2) Ps2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PS2.sys -> [2002/07/29 17:43:50 | 00,023,808 | ---- | M] (Hewlett-Packard Company)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2008/06/10 19:07:16 | 00,043,528 | ---- | M] (Sonic Solutions)
(RTL8023xp) Realtek 10/100/1000 PCI NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtnicxp.sys -> [2008/02/25 11:54:56 | 00,105,088 | ---- | M] (Realtek Semiconductor Corporation )
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> [2004/08/04 07:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(smserial) smserial [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smserial.sys -> [2005/01/25 08:56:00 | 00,923,863 | ---- | M] (Motorola Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\FireFox\Profiles\2fg8o66p.default\prefs.js ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage -> "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
browser.startup.homepage_override.mstone -> "rv:1.8.0.4" ->
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 22:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/02/05 00:19:13 | 01,078,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/17 16:26:02 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/17 16:26:01 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/17 16:26:02 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> %ProgramFiles%\Adobe\Reader 9.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"AVG8_TRAY" -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/02/05 00:19:10 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.)
"ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2004/08/10 21:04:42 | 00,059,392 | ---- | M] (Microsoft Corporation)
"HPBootOp" -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2005/02/26 00:34:02 | 00,245,760 | ---- | M] (Hewlett-Packard Company)
"SMSERIAL" -> %SystemRoot%\sm56hlpr.exe [sm56hlpr.exe] -> [2005/01/24 04:56:00 | 00,544,768 | ---- | M] (Motorola Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/17 16:26:01 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
< Compaq_Administrator Startup Folder > -> C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDrives" -> [0] -> File not found
\\"NoCDBurning" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
\\"DisableRegistryTools" -> [0] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5219 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7876 domain(s) found. ->
57 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [HKLM] -> http://www.musicnotes.com/download/mnviewer.cab [Musicnotes Viewer] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} [HKLM] -> http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe [MSN Money Charting] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218484776562 [MUWebControl Class] ->
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab [GMNRev Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab [Reg Error: Key does not exist or could not be opened.] ->
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [HKLM] -> http://support.f-secure.com/ols/fscax.cab [F-Secure Online Scanner 3.3] ->
{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab [Java Plug-in 1.5.0] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{22A94CA7-FBD3-4EC0-8545-AA72FC46DA6B} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{23961986-350F-4B1F-8DD9-2F35B34F773B} -> (1394 Net Adapter) ->
{24C35E9D-43DE-47B3-8C8D-C6AC403DF807} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2005/06/08 00:39:38 | 00,046,080 | ---- | M] (ATI Technologies Inc.)
avgrsstarter -> %SystemRoot%\system32\avgrsstx.dll -> [2009/02/05 00:19:31 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%ProgramFiles%\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes] -> File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" -> C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/02/05 00:19:12 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/02/05 00:19:10 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/09/18 13:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM] -> [2008/12/12 13:46:08 | 09,555,968 | ---- | M] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/11/17 06:32:46 | 00,000,000 | ---- | M] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->


[Files/Folders - Created Within 30 Days]
14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/02/06 22:13:57 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/06 22:11:16 | 00,656,714 | ---- | C] ()
fsaua.data -> %SystemDrive%\fsaua.data -> [2009/02/06 13:17:59 | 00,000,000 | ---D | C]
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [2009/02/06 00:16:38 | 00,747,873 | ---- | C] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2009/02/05 22:28:46 | 00,001,610 | ---- | C] ()
Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox -> [2009/02/05 22:28:41 | 00,000,000 | ---D | C]
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2009/02/05 00:19:31 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.)
AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk -> [2009/02/05 00:19:31 | 00,001,515 | ---- | C] ()
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2009/02/05 00:19:30 | 00,107,272 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2009/02/05 00:19:23 | 00,325,128 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2009/02/05 00:19:21 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.)
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2009/02/05 00:19:17 | 32,855,144 | ---- | C] ()
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2009/02/05 00:19:17 | 06,061,540 | ---- | C] ()
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2009/02/05 00:19:17 | 00,368,010 | ---- | C] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2009/02/05 00:19:17 | 00,086,834 | ---- | C] ()
Avg -> %SystemRoot%\System32\drivers\Avg -> [2009/02/05 00:19:17 | 00,000,000 | ---D | C]
AVG -> %ProgramFiles%\AVG -> [2009/02/05 00:19:09 | 00,000,000 | ---D | C]
avg_free_stf_en_8_233a1415.exe -> %UserProfile%\My Documents\avg_free_stf_en_8_233a1415.exe -> [2009/02/05 00:17:18 | 59,981,528 | ---- | C] (AVG Technologies)
rsit -> %SystemDrive%\rsit -> [2009/02/04 19:02:30 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/02/04 19:02:07 | 00,781,851 | ---- | C] ()
iyvu9_32.dll -> %SystemRoot%\System32\iyvu9_32.dll -> [2009/02/02 23:02:04 | 00,056,832 | ---- | C] ()
Recent -> %UserProfile%\Recent -> [2009/02/02 09:42:13 | 00,000,000 | RH-D | C]
LimeWire -> %ProgramFiles%\LimeWire -> [2009/02/01 16:08:58 | 00,000,000 | ---D | C]
1E308 -> %AllUsersProfile%\Application Data\1E308 -> [2009/01/31 15:28:30 | 00,000,000 | ---D | C]
D23D -> %AllUsersProfile%\Application Data\D23D -> [2009/01/31 15:28:13 | 00,000,000 | ---D | C]
125C -> %AllUsersProfile%\Application Data\125C -> [2009/01/31 15:28:01 | 00,000,000 | ---D | C]
30356 -> %AllUsersProfile%\Application Data\30356 -> [2009/01/31 15:26:48 | 00,000,000 | ---D | C]
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/01/30 23:45:38 | 07,340,032 | ---- | C] ()
gmer.ini -> %SystemRoot%\gmer.ini -> [2009/01/30 00:24:32 | 00,000,250 | ---- | C] ()
gmer.dll -> %SystemRoot%\gmer.dll -> [2009/01/30 00:24:30 | 00,884,736 | ---- | C] ()
gmer.exe -> %SystemRoot%\gmer.exe -> [2009/01/30 00:24:30 | 00,811,008 | ---- | C] ()
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> [2009/01/30 00:24:30 | 00,085,969 | ---- | C] (GMER)
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [2009/01/30 00:24:30 | 00,000,080 | ---- | C] ()
ComboFix -> %SystemDrive%\ComboFix -> [2009/01/29 22:54:32 | 00,000,000 | ---D | C]
RECYCLER -> %SystemDrive%\RECYCLER -> [2009/01/29 22:50:28 | 00,000,000 | -HSD | C]
temp -> %SystemRoot%\temp -> [2009/01/29 22:46:02 | 00,000,000 | ---D | C]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/01/22 22:39:33 | 10,051,13344 | -HS- | C] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/01/21 13:34:59 | 00,000,619 | ---- | C] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/01/21 13:34:59 | 00,000,600 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/01/21 13:34:59 | 00,000,000 | ---D | C]
pss -> %SystemRoot%\pss -> [2009/01/21 13:33:10 | 00,000,000 | ---D | C]
mouhid.sys -> %SystemRoot%\System32\drivers\mouhid.sys -> [2009/01/19 22:16:34 | 00,012,160 | ---- | C] (Microsoft Corporation)
mouhid.sys -> %SystemRoot%\System32\dllcache\mouhid.sys -> [2009/01/19 22:16:34 | 00,012,160 | ---- | C] (Microsoft Corporation)
hidusb.sys -> %SystemRoot%\System32\drivers\hidusb.sys -> [2009/01/19 22:16:31 | 00,010,368 | ---- | C] (Microsoft Corporation)
hidusb.sys -> %SystemRoot%\System32\dllcache\hidusb.sys -> [2009/01/19 22:16:31 | 00,010,368 | ---- | C] (Microsoft Corporation)
ORKTools -> %ProgramFiles%\ORKTools -> [2009/01/19 02:40:27 | 00,000,000 | ---D | C]
.netbeans -> %UserProfile%\.netbeans -> [2009/01/17 00:38:17 | 00,000,000 | ---D | C]
.netbeans-registration -> %UserProfile%\.netbeans-registration -> [2009/01/17 00:38:00 | 00,000,000 | ---D | C]
.nbi -> %UserProfile%\.nbi -> [2009/01/17 00:31:55 | 00,000,000 | ---D | C]
JCreator LE -> %UserProfile%\My Documents\JCreator LE -> [2009/01/16 23:24:28 | 00,000,000 | ---D | C]
DealOrNoDeal2.java -> %UserProfile%\My Documents\DealOrNoDeal2.java -> [2009/01/16 23:21:47 | 00,000,441 | ---- | C] ()
DealOrNoDeal.java -> %UserProfile%\My Documents\DealOrNoDeal.java -> [2009/01/16 16:49:12 | 00,000,000 | ---- | C] ()
JCreator -> %AppData%\JCreator -> [2009/01/16 16:48:51 | 00,000,000 | ---D | C]
JCreator -> %AllUsersProfile%\Application Data\JCreator -> [2009/01/16 16:48:51 | 00,000,000 | ---D | C]
EsetOnlineScanner -> %ProgramFiles%\EsetOnlineScanner -> [2009/01/16 00:26:50 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/06 22:11:20 | 00,656,714 | ---- | M] ()
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2009/02/06 09:20:23 | 32,855,144 | ---- | M] ()
gmer.ini -> %SystemRoot%\gmer.ini -> [2009/02/06 00:21:10 | 00,000,250 | ---- | M] ()
gmer.exe -> %UserProfile%\Desktop\gmer.exe -> [2009/02/06 00:20:54 | 00,811,008 | ---- | M] ()
gmer.exe -> %SystemRoot%\gmer.exe -> [2009/02/06 00:20:54 | 00,811,008 | ---- | M] ()
gmer.zip -> %UserProfile%\Desktop\gmer.zip -> [2009/02/06 00:16:38 | 00,747,873 | ---- | M] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2009/02/05 22:28:46 | 00,001,610 | ---- | M] ()
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2009/02/05 07:13:10 | 00,086,834 | ---- | M] ()
hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat -> [2009/02/05 01:19:50 | 00,000,246 | ---- | M] ()
eHomeLog-26.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-26.dat -> [2009/02/05 01:18:11 | 00,000,268 | -H-- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/02/05 01:16:45 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/02/05 01:16:31 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/05 01:16:25 | 10,051,13344 | -HS- | M] ()
ntuser.dat -> %UserProfile%\ntuser.dat -> [2009/02/05 01:15:12 | 07,340,032 | ---- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/02/05 01:15:12 | 00,000,178 | -HS- | M] ()
avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> [2009/02/05 00:19:31 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.)
AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk -> [2009/02/05 00:19:31 | 00,001,515 | ---- | M] ()
avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2009/02/05 00:19:30 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2009/02/05 00:19:23 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2009/02/05 00:19:21 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.)
avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2009/02/05 00:19:17 | 06,061,540 | ---- | M] ()
miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2009/02/05 00:19:17 | 00,368,010 | ---- | M] ()
avg_free_stf_en_8_233a1415.exe -> %UserProfile%\My Documents\avg_free_stf_en_8_233a1415.exe -> [2009/02/05 00:17:21 | 59,981,528 | ---- | M] (AVG Technologies)
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/02/04 19:02:10 | 00,781,851 | ---- | M] ()
eHomeLog-25.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-25.dat -> [2009/02/04 13:18:00 | 00,000,268 | -H-- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/02/04 13:16:46 | 00,205,712 | ---- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2009/02/04 13:16:06 | 03,705,928 | -H-- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/02/03 17:48:58 | 00,051,072 | ---- | M] ()
eHomeLog-24.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-24.dat -> [2009/02/01 16:41:07 | 00,000,268 | -H-- | M] ()
eHomeLog-23.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-23.dat -> [2009/02/01 16:11:22 | 00,000,268 | -H-- | M] ()
eHomeLog-22.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-22.dat -> [2009/02/01 16:10:54 | 00,000,268 | -H-- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/02/01 16:10:14 | 00,001,158 | ---- | M] ()
eHomeLog-21.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-21.dat -> [2009/02/01 09:03:01 | 00,000,268 | -H-- | M] ()
eHomeLog-20.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-20.dat -> [2009/01/31 20:36:50 | 00,000,268 | -H-- | M] ()
eHomeLog-19.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-19.dat -> [2009/01/31 20:30:09 | 00,000,268 | -H-- | M] ()
eHomeLog-18.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-18.dat -> [2009/01/31 20:29:52 | 00,000,268 | -H-- | M] ()
eHomeLog-47.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-47.dat -> [2009/01/30 00:39:58 | 00,000,268 | -H-- | M] ()
gmer.dll -> %SystemRoot%\gmer.dll -> [2009/01/30 00:24:30 | 00,884,736 | ---- | M] ()
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> [2009/01/30 00:24:30 | 00,085,969 | ---- | M] (GMER)
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [2009/01/30 00:24:30 | 00,000,080 | ---- | M] ()
system.ini -> %SystemRoot%\system.ini -> [2009/01/29 22:44:18 | 00,000,227 | ---- | M] ()
eHomeLog-46.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-46.dat -> [2009/01/29 16:46:41 | 00,000,268 | -H-- | M] ()
MySpaceIM.lnk -> %AllUsersProfile%\Desktop\MySpaceIM.lnk -> [2009/01/25 20:09:10 | 00,000,747 | ---- | M] ()
eHomeLog-45.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-45.dat -> [2009/01/22 22:40:07 | 00,000,268 | -H-- | M] ()
eHomeLog-44.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-44.dat -> [2009/01/22 02:09:19 | 00,000,268 | -H-- | M] ()
eHomeLog-43.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-43.dat -> [2009/01/22 02:07:33 | 00,000,268 | -H-- | M] ()
eHomeLog-42.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-42.dat -> [2009/01/21 22:32:10 | 00,000,268 | -H-- | M] ()
eHomeLog-41.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-41.dat -> [2009/01/21 16:57:39 | 00,000,268 | -H-- | M] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/01/21 13:34:59 | 00,000,619 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/01/21 13:34:59 | 00,000,600 | ---- | M] ()
eHomeLog-40.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-40.dat -> [2009/01/20 11:13:09 | 00,000,268 | -H-- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/01/20 11:05:59 | 00,005,060 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/01/20 11:05:59 | 00,004,646 | ---- | M] ()
eHomeLog-39.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-39.dat -> [2009/01/19 22:31:38 | 00,000,268 | -H-- | M] ()
eHomeLog-38.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-38.dat -> [2009/01/19 22:15:31 | 00,000,268 | -H-- | M] ()
eHomeLog-37.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-37.dat -> [2009/01/19 07:43:50 | 00,000,268 | -H-- | M] ()
eHomeLog-36.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-36.dat -> [2009/01/19 02:43:08 | 00,000,268 | -H-- | M] ()
eHomeLog-35.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-35.dat -> [2009/01/19 02:42:31 | 00,000,268 | -H-- | M] ()
eHomeLog-34.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-34.dat -> [2009/01/19 02:37:21 | 00,000,268 | -H-- | M] ()
eHomeLog-33.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-33.dat -> [2009/01/19 02:25:31 | 00,000,268 | -H-- | M] ()
eHomeLog-32.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-32.dat -> [2009/01/19 02:24:51 | 00,000,268 | -H-- | M] ()
eHomeLog-31.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-31.dat -> [2009/01/17 06:58:23 | 00,000,268 | -H-- | M] ()
DealOrNoDeal2.java -> %UserProfile%\My Documents\DealOrNoDeal2.java -> [2009/01/16 23:21:47 | 00,000,441 | ---- | M] ()
DealOrNoDeal.java -> %UserProfile%\My Documents\DealOrNoDeal.java -> [2009/01/16 16:49:12 | 00,000,000 | ---- | M] ()
eHomeLog-30.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-30.dat -> [2009/01/16 09:44:11 | 00,000,268 | -H-- | M] ()
eHomeLog-29.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-29.dat -> [2009/01/16 09:43:39 | 00,000,268 | -H-- | M] ()
eHomeLog-17.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-17.dat -> [2009/01/16 00:07:02 | 00,000,268 | -H-- | M] ()
eHomeLog-16.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-16.dat -> [2009/01/15 23:55:55 | 00,000,268 | -H-- | M] ()
eHomeLog-15.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-15.dat -> [2009/01/15 23:53:49 | 00,000,268 | -H-- | M] ()
eHomeLog-14.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-14.dat -> [2009/01/15 23:47:54 | 00,000,268 | -H-- | M] ()
eHomeLog-13.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-13.dat -> [2009/01/15 23:42:46 | 00,000,268 | -H-- | M] ()
eHomeLog-12.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-12.dat -> [2009/01/15 23:20:02 | 00,000,268 | -H-- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
eHomeLog-11.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-11.dat -> [2009/01/13 15:14:38 | 00,000,268 | -H-- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/01/13 15:11:48 | 00,001,374 | ---- | M] ()
eHomeLog-10.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-10.dat -> [2009/01/13 11:33:58 | 00,000,268 | -H-- | M] ()
eHomeLog-9.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-9.dat -> [2009/01/13 01:11:12 | 00,000,268 | -H-- | M] ()
eHomeLog-8.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-8.dat -> [2009/01/10 20:51:44 | 00,000,268 | -H-- | M] ()
eHomeLog-7.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-7.dat -> [2009/01/07 16:18:08 | 00,000,268 | -H-- | M] ()
eHomeLog-0.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-0.dat -> [2009/01/07 16:17:32 | 00,000,268 | -H-- | M] ()
eHomeLog-4.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-4.dat -> [2009/01/02 15:46:05 | 00,000,268 | -H-- | M] ()
eHomeLog-3.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-3.dat -> [2009/01/02 15:41:20 | 00,000,268 | -H-- | M] ()
eHomeLog-6.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-6.dat -> [2008/12/31 18:22:52 | 00,000,268 | -H-- | M] ()
eHomeLog-5.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-5.dat -> [2008/12/23 20:48:37 | 00,000,268 | -H-- | M] ()
eHomeLog-2.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-2.dat -> [2008/12/23 20:37:25 | 00,000,268 | -H-- | M] ()
eHomeLog-1.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-1.dat -> [2008/12/23 20:31:38 | 00,000,268 | -H-- | M] ()
eHomeLog-28.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-28.dat -> [2008/12/22 12:47:40 | 00,000,268 | -H-- | M] ()
eHomeLog-27.dat -> %AllUsersProfile%\Application Data\Microsoft\eHome\logs\eHomeLog-27.dat -> [2008/12/22 12:44:40 | 00,000,268 | -H-- | M] ()
hhcolreg.dat -> %AllUsersProfile%\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2008/08/11 15:07:38 | 00,001,313 | ---- | M] ()
data.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\data.dat -> [2008/07/07 09:53:21 | 00,001,372 | ---- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2006/05/17 17:24:30 | 00,011,156 | ---- | M] ()
wklntsk1.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wklntsk1.dat -> [2006/01/27 22:01:00 | 00,166,221 | ---- | M] ()
wkcalcat.dat -> %AllUsersProfile%\Application Data\Microsoft\Works\wkcalcat.dat -> [2006/01/27 21:51:01 | 00,016,384 | ---- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\ehthumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\ehthumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
@Alternate Data Stream - 119 bytes -> %AllUsersProfile%\Application Data\TEMP:18B7103A
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
@Alternate Data Stream - 126 bytes -> %AllUsersProfile%\Application Data\TEMP:54D4173A
@Alternate Data Stream - 126 bytes -> %AllUsersProfile%\Application Data\TEMP:B6E32B82
@Alternate Data Stream - 127 bytes -> %AllUsersProfile%\Application Data\TEMP:4E16047B
@Alternate Data Stream - 6598 bytes -> %SystemRoot%\Uninstall Instructions.url:favicon

[File - Lop Check]
Application Data -> C:\Documents and Settings\All Users\Application Data -> [2009/02/06 00:35:29 | 00,000,000 | RH-D | M]
125C -> C:\Documents and Settings\All Users\Application Data\125C -> [2009/01/31 15:28:01 | 00,000,000 | ---D | M]
1E308 -> C:\Documents and Settings\All Users\Application Data\1E308 -> [2009/01/31 15:28:30 | 00,000,000 | ---D | M]
2F55 -> C:\Documents and Settings\All Users\Application Data\2F55 -> [2008/11/06 18:24:47 | 00,000,000 | ---D | M]
30