Trojan horse Rootkit Agent. CW-(Windows/System 32)--(AMONGST OTHERS) : - Geeks to Go Forums


Trojan horse Rootkit Agent. CW (Windows/System 32), amongst others: recurring virus won't go away, PC was rebooting like crazy

#1 datdude30

  • Group: Member
  • Posts: 27
  • Joined: 23-April 09

Posted 23 April 2009 - 12:44 PM

I have tried to remove it with Malwarebytes and Ad-Aware, also Spybot, and finally McAfee AV, and they keep reappearing and the computer won't run in normal mode for more than 5 minutes. The PC just reboots and freezes. I then have to run in safe mode and remove the malware again, and the PC will run for another 5 minutes until reinfection. Grrr. I don't know what else to do; hopefully you experts out here can help me. I can't function without a PC haha lol -- no really! :) :)


NEW INFO: I installed the latest version of AVG (AV) and found about 60 trojans and other critters that my McAfee AV didn't find. Rebooted in normal mode and now at least the computer doesn't shut down. HOWEVER, the Trojan horse Rootkit Agent in the Windows System32 file keeps recurring; I just keep removing it or putting it in the vault, otherwise it would probably still crash. I know this can be fixed, I just need a little help. I await your kind, knowledgeable expertise. Thank you so much.

#2 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,528
  • Joined: 30-November 05

Posted 23 April 2009 - 07:13 PM

Hi, datdude30 :)

Welcome

Download OTListIt2.exe to your Desktop.
  • Close any open browsers.
  • Double-click on OTListIt2.exe to start the program.
  • Leave all settings as they appear as default.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that Notepad file.

Post the contents of that Notepad document in your next reply.
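As an added illustration of what a helper does with the OTListIt2 report requested above (example code written for this page, not part of OldTimer's tool or this forum's procedure), the Python script below parses the PRC/SRV/DRV and O4 line formats that report uses and flags the entries that usually get a second look: autostart entries and services whose file no longer exists, loaded files with no company name in their version info, and recently modified Boot/System-start drivers. The sample lines follow the shapes seen in the log posted later in this thread; the rules, the `Finding` type and the function names are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import date, datetime, timedelta

# Constructed sample in OTListIt2 format (line shapes as in the log in this thread;
# backslashes are doubled only because this is a Python string literal).
SAMPLE_LOG = """\
PRC - [2009/04/24 09:02:09 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG8\\avgwdsvc.exe
SRV - [2006/09/21 08:11:52 | 00,061,440 | ---- | M] () -- C:\\Program Files\\Gateway\\EzTune\\DTSRVC.exe -- (DTSRVC [Auto | Running])
DRV - [2009/03/03 13:37:48 | 00,358,400 | ---- | M] () -- C:\\WINDOWS\\system32\\drivers\\EagleNT.sys -- (EagleNT [On_Demand | Stopped])
DRV - [2009/04/24 09:01:51 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\WINDOWS\\System32\\Drivers\\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2007/10/31 22:43:00 | 00,685,816 | ---- | M] () -- C:\\WINDOWS\\System32\\Drivers\\sptd.sys -- (sptd [Boot | Running])
SRV - File not found -- -- (WUSB54GCSVC [Auto | Running])
O4 - HKLM..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k File not found
O4 - HKLM..\\Run: [Recguard] C:\\WINDOWS\\SMINST\\RECGUARD.EXE ()
O4 - HKLM..\\Run: [igfxpers] C:\\WINDOWS\\system32\\igfxpers.exe (Intel Corporation)
"""
SCAN_DATE = date(2009, 4, 24)  # the "created on" date from the report header

# A normal process/service/driver entry: [date time | size | attrs | M] (Company) -- path [-- (svc [start | state])]
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<date>\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2} \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| M\] \((?P<company>.*?)\) -- "
    r"(?P<path>.+?)(?: -- \((?P<svc>.+?) \[(?P<start>\w+) \| (?P<state>\w+)\]\))?$"
)
# The variant OTL prints when the service's binary is gone from disk.
MISSING_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - File not found -- -- \((?P<svc>.+?) \[(?P<start>\w+) \| (?P<state>\w+)\]\)$"
)
# An O4 Run-key entry: O4 - HKLM..\Run: [ValueName] command (Company) | ... File not found
AUTORUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")


@dataclass
class Finding:
    subject: str  # file path, service name or autorun value name
    reasons: list[str] = field(default_factory=list)


def triage(log_text: str, scan_date: date, max_age_days: int = 30) -> list[Finding]:
    """Return the report entries that deserve a human look.

    Three deliberately simple rules:
      1. a service or autorun entry whose file is missing ("File not found");
      2. a loaded file with no company name in its version info ("()");
      3. a Boot/System-start driver or service modified within max_age_days of the scan.
    Rule 2 and 3 hits are candidates, not verdicts: vendor-less files can be legitimate,
    and a freshly installed AV product will show up under rule 3.
    """
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MISSING_RE.match(line):
            findings.append(Finding(m["svc"], [f"{m['kind']} file missing but service is {m['state']}"]))
        elif m := ENTRY_RE.match(line):
            reasons = []
            if m["company"] == "":
                reasons.append("no company name in version info")
            modified = datetime.strptime(m["date"], "%Y/%m/%d").date()
            recent = scan_date - modified <= timedelta(days=max_age_days)
            if m["svc"] and m["start"] in ("Boot", "System") and recent:
                reasons.append(f"{m['start']}-start {m['kind']} modified within {max_age_days} days")
            if reasons:
                findings.append(Finding(m["path"], reasons))
        elif m := AUTORUN_RE.match(line):
            rest = m["rest"]
            if rest.endswith("File not found"):
                findings.append(Finding(m["name"], ["autorun points at a missing file"]))
            else:
                # The trailing "(Company)" is the version-info company name; "()" means none.
                cm = re.search(r"\((?P<company>[^()]*)\)$", rest)
                if cm is not None and cm["company"] == "":
                    findings.append(Finding(m["name"], ["no company name in version info"]))
    return findings


def triage_sample() -> list[Finding]:
    """Run the rules over the embedded sample with the header's scan date and 30-day file age."""
    return triage(SAMPLE_LOG, SCAN_DATE, 30)


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.subject}: {'; '.join(f.reasons)}")
```

On the sample it flags the vendor-less DTSRVC.exe, EagleNT.sys, sptd.sys and RECGUARD.EXE, the missing WUSB54GCSVC binary and KernelFaultCheck target, and the just-installed AVG boot-start driver, which is the expected noise from a fresh AV install.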

#3 datdude30

  • Group: Member
  • Posts: 27
  • Joined: 23-April 09

Posted 24 April 2009 - 10:57 AM

NOTE: I had to run AVG Antivirus in safe mode to get the PC working to access your reply, so some viruses were removed or whatever prior to running the scan. At any rate, here it is. Please, please help me. Thx. Drew

OTListIt logfile created on: 4/24/2009 11:39:04 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.39 Mb Total Physical Memory | 464.66 Mb Available Physical Memory | 45.81% Memory free
2.38 Gb Paging File | 1.98 Gb Available in Paging File | 82.99% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.65 Gb Total Space | 115.24 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
Drive D: | 8.63 Gb Total Space | 0.43 Gb Free Space | 4.93% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/08/02 19:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2009/04/24 09:02:09 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/09/21 08:11:52 | 00,061,440 | ---- | M] () -- C:\Program Files\Gateway\EzTune\DTSRVC.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/08/05 16:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2006/02/21 11:58:34 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/10/19 14:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2004/08/06 04:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
PRC - [2004/08/18 09:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe
PRC - [2005/09/29 17:01:14 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2006/03/23 08:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005/08/02 19:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\ARPWRMSG.EXE
PRC - [2006/04/13 05:05:00 | 00,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
PRC - [2004/08/18 09:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
PRC - [2004/08/18 09:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
PRC - [2004/08/06 04:50:00 | 00,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
PRC - [2009/04/24 09:02:39 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2004/08/06 04:50:00 | 00,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
PRC - [2007/01/02 22:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/07/04 17:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
PRC - [2009/04/24 09:01:49 | 00,833,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/04/24 09:02:56 | 00,486,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2005/08/05 16:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009/04/24 09:02:29 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2006/08/28 11:23:44 | 05,527,040 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
PRC - [2005/08/05 16:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehmsas.exe
PRC - [2006/12/10 22:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009/02/06 11:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/04/24 11:36:44 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/02 12:26:46 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [On_Demand | Stopped])
SRV - [2005/08/02 19:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/04/24 09:02:09 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/09/21 08:11:52 | 00,061,440 | ---- | M] () -- C:\Program Files\Gateway\EzTune\DTSRVC.exe -- (DTSRVC [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 16:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2004/08/09 16:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2007/01/02 23:46:54 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2006/12/11 00:29:24 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2006/02/21 11:58:34 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/10/19 14:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2004/08/06 04:50:00 | 00,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2005/08/05 16:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2004/08/18 09:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\Mcshield.exe -- (McShield [Auto | Paused])
SRV - [2004/08/18 09:00:00 | 00,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe -- (McTaskManager [Auto | Running])
SRV - [2004/08/09 22:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/02/15 12:49:00 | 02,794,234 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\GameMon.des -- (npggsvc [Auto | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/04/23 16:23:38 | 00,024,576 | ---- | M] (Atribune.org) -- C:\WINDOWS\system32\VundoFixSVC.exe -- (VundoFixSvc [Disabled | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - File not found -- -- (WUSB54GCSVC [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/04/29 11:20:00 | 00,015,648 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter [On_Demand | Stopped])
DRV - [2008/12/08 18:46:01 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2009/04/24 09:02:55 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/04/24 09:02:55 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/04/24 09:01:51 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [Boot | Running])
DRV - [2009/04/24 09:02:33 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2001/08/17 12:11:30 | 00,096,640 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Stopped])
DRV - [2005/02/01 19:18:38 | 00,017,992 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\BCM42RLY.SYS -- (BCM42RLY [On_Demand | Stopped])
DRV - [2002/10/01 14:43:32 | 00,119,798 | ---- | M] (SP) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS -- (CA561 [On_Demand | Stopped])
DRV - [2006/01/12 11:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2009/03/03 13:37:48 | 00,358,400 | ---- | M] () -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT [On_Demand | Stopped])
DRV - [2005/01/07 20:07:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/10/25 10:38:00 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/10/25 10:38:00 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/10/25 10:38:00 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005/12/06 06:20:50 | 00,241,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])
DRV - [2005/12/06 06:20:40 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys -- (HSX_DP [On_Demand | Running])
DRV - [2006/03/23 08:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2006/02/21 11:44:30 | 00,250,368 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iastor.sys -- (iaStor [Boot | Running])
DRV - [2006/06/14 06:04:12 | 04,299,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2005/10/05 10:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/18 09:00:00 | 00,108,256 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1 [On_Demand | Running])
DRV - [2004/08/18 09:00:00 | 00,058,016 | ---- | M] (Network Associates, Inc.) -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1 [System | Running])
DRV - [2004/08/09 16:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2007/01/05 19:00:45 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2006/09/21 07:14:10 | 00,011,776 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\DRIVERS\pdiddcci.sys -- (pdiddcci [On_Demand | Stopped])
DRV - [2006/09/21 08:11:08 | 00,008,960 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\Drivers\PdiPorts.sys -- (PdiPorts [On_Demand | Running])
DRV - [2004/04/01 16:30:46 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2006/08/24 17:08:22 | 00,017,465 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivot.sys -- (Pivot [System | Running])
DRV - [2006/08/24 17:08:20 | 00,011,323 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\pivotmou.sys -- (pivotmou [On_Demand | Running])
DRV - [2005/12/12 12:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2004/08/09 16:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/03/09 06:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/11/24 20:51:38 | 00,245,248 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\DRIVERS\rt73.sys -- (RT73 [On_Demand | Running])
DRV - [2004/08/03 09:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/10/31 22:43:00 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (stillcam [On_Demand | Stopped])
DRV - [2004/08/09 16:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (usb_rndis [On_Demand | Stopped])
DRV - [2005/12/06 06:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys -- (winachsx [On_Demand | Running])
DRV - [2004/08/18 09:00:00 | 00,008,320 | ---- | M] (Network Associates, Inc) -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51 [On_Demand | Running])
DRV - [2003/09/25 22:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.SYS -- (GTNDIS5 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?.home=ytff"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/14 23:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/04/24 11:02:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\PROGRAM FILES\FLOCK\FLOCK\PLUGINS [2009/02/13 22:04:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\PROGRAM FILES\FLOCK\FLOCK\COMPONENTS [2009/01/06 12:43:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Components: C:\PROGRA~1\MOZILLA FIREFOX\COMPONENTS [2009/01/09 15:48:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Plugins: C:\PROGRA~1\MOZILLA FIREFOX\PLUGINS [2009/03/11 10:43:55 | 00,000,000 | ---D | M]

[2009/02/13 22:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\c4y8f4og.default\extensions
[2008/04/18 08:16:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\c4y8f4og.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/04/04 00:52:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\mozilla\Firefox\Profiles\c4y8f4og.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/10/16 19:41:13 | 00,000,276 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\c4y8f4og.default\searchplugins\search.xml
[2008/03/23 18:17:54 | 00,001,993 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\c4y8f4og.default\searchplugins\torrentspy.xml
[2009/04/02 18:47:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2008/10/06 14:03:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/19 12:32:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/03/14 21:45:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/15 15:13:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/14 23:35:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/02 18:47:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2008/04/19 10:08:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/07/12 15:30:56 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/07/12 15:30:56 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/07/12 15:30:57 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/07/12 15:30:57 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/07/12 15:30:57 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/04/19 10:07:58 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/04/19 10:07:58 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/04/19 10:07:58 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/04/19 10:07:58 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/04/19 10:07:58 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/04/19 10:07:58 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {F739044E-BE0A-4AFA-A134-4918FCB8B393} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-5736-4205-0008-F7ED0776FB27} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" (Sonic Solutions)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode (Promise Technology, Inc.)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey (Network Associates, Inc.)
O4 - HKLM..\Run: [PC Alarm Clock] File not found
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" (SoftThinks)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE (Network Associates, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [HP_Administrator] C:\Documents and Settings\HP_Administrator\HP_Administrator.exe /i File not found
O4 - HKCU..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s (Uniblue Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm File not found
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm File not found
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O15 - HKLM\..Trusted Sites: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Sites: trymedia.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 36 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {cafeefac-0016-0000-0007-abcdeffedcba} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\byXoMeeC: DllName - byXoMeeC.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/19 00:14:14 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 00,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/04/24 11:36:35 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/04/24 11:02:20 | 10,637,39392 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/23 16:33:44 | 00,000,017 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\stinger1001546.opt
[2009/04/23 15:20:12 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/04/23 15:11:28 | 35,373,586 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/23 15:11:27 | 00,032,111 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/23 15:11:26 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/23 15:11:24 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/23 15:11:24 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/23 15:11:24 | 00,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/04/23 15:11:23 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/04/23 15:11:22 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/23 15:11:22 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/23 15:11:21 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/23 15:11:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/04/23 15:10:42 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/23 15:10:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/04/23 14:45:00 | 03,534,855 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\stinger1001546.exe
[2009/04/20 17:41:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/04/20 14:42:31 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Ultimate Troubleshooter.lnk
[2009/04/20 14:42:13 | 00,124,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWinSck.ocx
[2009/04/20 14:42:07 | 01,753,088 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExGrid.dll
[2009/04/20 14:42:07 | 00,614,400 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExButton.dll
[2009/04/20 14:42:07 | 00,602,112 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExMenu.dll
[2009/04/20 14:42:06 | 00,516,096 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExTab.dll
[2009/04/20 14:42:06 | 00,307,200 | ---- | C] (Exontrol Inc.) -- C:\WINDOWS\System32\ExPMenu.dll
[2009/04/20 14:42:03 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\System32\eSellerateEngine.dll
[2009/04/20 14:42:03 | 00,118,784 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\System32\eWebControl.dll
[2009/04/20 14:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2009/04/20 14:41:54 | 00,000,000 | ---D | C] -- C:\Program Files\AnswersThatWork
[2009/04/20 08:33:01 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/04/19 20:17:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2009/04/19 20:02:56 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/04/19 17:17:44 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/19 11:52:22 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2009/04/19 11:52:22 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/19 11:52:17 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/19 11:44:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/19 10:48:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2009/04/18 15:24:59 | 00,000,000 | ---D | C] -- C:\temp
[2009/04/17 10:49:54 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Andrew Schaaf Resume rev.doc
[2009/04/08 17:48:38 | 00,013,830 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Born.docx
[2009/04/03 12:42:41 | 03,377,923 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\movie posters.docx
[2009/04/03 02:16:34 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/04/03 02:16:34 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/04/03 02:16:26 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/04/03 02:16:17 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/04/03 02:16:17 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/04/03 02:16:06 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/04/03 02:15:49 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009/03/03 13:37:48 | 00,358,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\EagleNt.sys
[2009/02/14 11:41:46 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/05 14:39:36 | 00,000,238 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2008/12/08 18:44:46 | 00,001,361 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/11/28 11:47:04 | 00,125,440 | ---- | C] () -- C:\WINDOWS\dx7ogl32.dll
[2008/06/30 20:24:17 | 00,089,088 | ---- | C] () -- C:\WINDOWS\System32\hpgt33.dll
[2008/05/27 13:23:55 | 04,481,992 | -HS- | C] () -- C:\WINDOWS\System32\hdcilqqy.ini
[2008/05/25 13:31:38 | 04,296,181 | -HS- | C] () -- C:\WINDOWS\System32\poijskyr.ini
[2008/05/23 16:19:12 | 04,027,996 | -HS- | C] () -- C:\WINDOWS\System32\fbxjpweg.ini
[2008/05/22 16:21:14 | 03,797,284 | -HS- | C] () -- C:\WINDOWS\System32\qeorqyto.ini
[2008/05/21 16:23:57 | 03,623,907 | -HS- | C] () -- C:\WINDOWS\System32\nbsfunrw.ini
[2008/05/20 12:55:16 | 03,337,382 | -HS- | C] () -- C:\WINDOWS\System32\wsbdbnjq.ini
[2008/05/19 11:57:58 | 03,150,238 | -HS- | C] () -- C:\WINDOWS\System32\xjtghmlx.ini
[2008/05/18 09:57:05 | 02,896,150 | -HS- | C] () -- C:\WINDOWS\System32\swrupciu.ini
[2008/05/17 09:27:46 | 02,913,555 | -HS- | C] () -- C:\WINDOWS\System32\auogpxmq.ini
[2008/05/15 23:45:50 | 03,015,472 | -HS- | C] () -- C:\WINDOWS\System32\ftqhxena.ini
[2008/05/15 23:36:47 | 00,826,637 | -HS- | C] () -- C:\WINDOWS\System32\jRAJRXbc.ini2
[2008/05/15 23:36:47 | 00,826,637 | -HS- | C] () -- C:\WINDOWS\System32\jRAJRXbc.ini
[2008/05/14 17:31:09 | 02,829,424 | -HS- | C] () -- C:\WINDOWS\System32\hxdutswe.ini
[2008/05/13 17:31:47 | 01,378,144 | -HS- | C] () -- C:\WINDOWS\System32\knqixhdd.ini
[2008/05/12 17:32:58 | 01,294,692 | -HS- | C] () -- C:\WINDOWS\System32\htljcmrc.ini
[2008/05/11 17:25:03 | 01,297,642 | -HS- | C] () -- C:\WINDOWS\System32\cfxrmpyk.ini
[2008/05/10 17:29:21 | 01,287,377 | -HS- | C] () -- C:\WINDOWS\System32\bkdxcibg.ini
[2008/05/09 17:29:34 | 01,287,257 | -HS- | C] () -- C:\WINDOWS\System32\pspwnbtj.ini
[2008/05/08 17:25:15 | 01,313,055 | -HS- | C] () -- C:\WINDOWS\System32\ppcircuy.ini
[2008/05/07 17:23:54 | 01,368,275 | -HS- | C] () -- C:\WINDOWS\System32\xmliehsy.ini
[2008/05/06 12:08:05 | 01,444,494 | -HS- | C] () -- C:\WINDOWS\System32\tctswpou.ini
[2008/05/05 12:05:22 | 01,533,264 | -HS- | C] () -- C:\WINDOWS\System32\svwlcsui.ini
[2008/05/04 09:00:59 | 01,505,627 | -HS- | C] () -- C:\WINDOWS\System32\ltgobick.ini
[2008/05/02 22:25:47 | 01,505,567 | -HS- | C] () -- C:\WINDOWS\System32\kcfbwjcm.ini
[2008/05/01 22:24:56 | 01,505,447 | -HS- | C] () -- C:\WINDOWS\System32\lgycyrjl.ini
[2008/05/01 21:20:07 | 01,505,677 | -HS- | C] () -- C:\WINDOWS\System32\ixfhdxti.ini
[2008/04/30 21:19:50 | 01,505,617 | -HS- | C] () -- C:\WINDOWS\System32\ihulseqs.ini
[2008/04/29 21:06:06 | 01,505,490 | -HS- | C] () -- C:\WINDOWS\System32\dnwbvroa.ini
[2008/04/28 21:07:00 | 01,505,771 | -HS- | C] () -- C:\WINDOWS\System32\aijttadi.ini
[2008/04/27 21:06:40 | 01,505,799 | -HS- | C] () -- C:\WINDOWS\System32\pahejofm.ini
[2008/04/25 21:05:00 | 01,505,679 | -HS- | C] () -- C:\WINDOWS\System32\vhixfeic.ini
[2008/04/25 20:05:01 | 01,505,559 | -HS- | C] () -- C:\WINDOWS\System32\ntrrwjkb.ini
[2008/04/24 14:51:44 | 01,509,279 | -HS- | C] () -- C:\WINDOWS\System32\rphntfvd.ini
[2008/04/23 14:49:02 | 01,509,219 | -HS- | C] () -- C:\WINDOWS\System32\wvmhvngs.ini
[2008/04/22 14:51:46 | 01,542,521 | -HS- | C] () -- C:\WINDOWS\System32\bhdapwvr.ini
[2008/04/21 10:45:54 | 01,541,861 | -HS- | C] () -- C:\WINDOWS\System32\ursclipo.ini
[2008/04/20 10:47:14 | 01,541,681 | -HS- | C] () -- C:\WINDOWS\System32\ptwtictv.ini
[2008/04/19 10:42:20 | 01,541,501 | -HS- | C] () -- C:\WINDOWS\System32\wmytpald.ini
[2008/04/18 10:40:22 | 01,541,339 | -HS- | C] () -- C:\WINDOWS\System32\bbbrrent.ini
[2008/04/17 10:40:24 | 00,000,294 | -HS- | C] () -- C:\WINDOWS\System32\oshpdsxc.ini
[2008/04/16 17:41:57 | 01,333,943 | -HS- | C] () -- C:\WINDOWS\System32\aGikTvut.ini2
[2008/04/16 17:41:57 | 01,333,943 | -HS- | C] () -- C:\WINDOWS\System32\aGikTvut.ini
[2007/11/11 21:25:02 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/11/05 09:57:14 | 00,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/10/31 22:42:59 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/09/30 21:19:00 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/09/17 14:13:32 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\MSWHEEL.DLL
[2007/09/13 21:07:00 | 00,000,096 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/07 00:19:25 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2007/09/07 00:19:24 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2007/06/13 03:05:31 | 00,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/01/11 17:25:47 | 00,000,366 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2007/01/05 18:53:38 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/12/29 23:56:55 | 00,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2006/12/23 22:36:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2006/12/23 21:54:29 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/19 00:44:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/19 00:23:15 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/11/19 00:17:51 | 00,014,318 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/11/19 00:17:44 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/11/19 00:14:30 | 00,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/11/19 00:00:41 | 00,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/11/19 00:00:00 | 00,000,732 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/11/18 23:53:38 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/11/18 23:49:45 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/11/18 23:25:58 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 06:58:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/05/02 17:38:24 | 00,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2005/08/30 16:02:00 | 00,000,850 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 08:52:36 | 00,000,270 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 17:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 19:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/06/07 02:05:43 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll
[2004/08/09 16:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/26 02:51:38 | 00,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/12/31 15:25:23 | 00,061,952 | ---- | C] () -- C:\WINDOWS\System32\ajnetmask.dll
[2003/12/25 22:21:16 | 00,087,040 | ---- | C] () -- C:\WINDOWS\System32\TrayIcon12.dll
[1998/10/11 01:07:38 | 00,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/24 11:36:44 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTListIt2.exe
[2009/04/24 11:35:40 | 00,000,460 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/04/24 11:06:50 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/04/24 11:06:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/24 11:06:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/24 11:06:47 | 10,637,39392 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/24 09:03:15 | 35,373,586 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/24 09:02:56 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/24 09:02:55 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/24 09:02:55 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/24 09:02:33 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/24 09:01:51 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/04/24 09:00:01 | 00,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\8CEF43D08604EF10.job
[2009/04/23 21:52:00 | 00,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
[2009/04/23 19:20:16 | 00,032,111 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/23 17:28:06 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/04/23 16:47:59 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/23 16:33:44 | 00,000,017 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\stinger1001546.opt
[2009/04/23 15:55:46 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/23 15:11:26 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/23 15:11:24 | 00,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 8.5.lnk
[2009/04/23 14:46:54 | 03,534,855 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\stinger1001546.exe
[2009/04/22 16:21:38 | 00,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/21 21:39:35 | 00,151,552 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/21 10:15:33 | 00,144,637 | ---- | M] () -- C:\WINDOWS\hpwins16.dat
[2009/04/20 14:42:31 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\The Ultimate Troubleshooter.lnk
[2009/04/19 17:17:44 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/04/19 11:52:22 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2009/04/19 11:52:22 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/04/19 11:13:23 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/18 18:21:13 | 00,120,496 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/18 16:02:29 | 00,388,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/18 15:58:25 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/04/18 15:54:59 | 00,410,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/18 15:54:58 | 00,065,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/18 15:54:57 | 00,483,924 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/18 15:33:19 | 00,000,732 | ---- | M] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2009/04/18 13:06:07 | 03,377,923 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\movie posters.docx
[2009/04/18 08:41:42 | 00,000,197 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/17 14:22:00 | 03,740,824 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2009/04/17 10:50:45 | 00,039,424 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Andrew Schaaf Resume rev.doc
[2009/04/14 20:26:48 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/04/12 21:54:28 | 00,002,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Greeting Card Factory Photo Card Maker.lnk
[2009/04/08 17:48:39 | 00,013,830 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Born.docx
[2009/04/08 10:47:31 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/06 09:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/27 02:09:32 | 01,193,414 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
< End of report >

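As an added example (not code from this thread or from the OTListIt2 tool), a small Python triage script that parses report lines in the two formats shown above and flags the indicators a helper would pick out of this log: the hidden+system, randomly named .ini/.ini2 files dropped into System32 one per day, and the Winlogon\Notify registration whose DLL is reported as "File not found". The sample lines are constructed from the formats in the report; the flagging heuristics are the example's own, not the tool's.

```python
"""Added triage helper for OTListIt2-style report lines (not the tool's code).

It flags two indicators visible in the report above:
  * hidden+system, randomly named .ini/.ini2 files dropped into System32
    with no company name (one new file per day in this log), and
  * Winlogon\\Notify registrations whose DLL is reported as "File not found".
"""
import re

# Constructed sample lines in the two OTListIt2 formats used above.
SAMPLE_LOG = r"""
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\byXoMeeC: DllName - byXoMeeC.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
[2009/04/23 15:11:24 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/23 15:20:12 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/05/27 13:23:55 | 04,481,992 | -HS- | C] () -- C:\WINDOWS\System32\hdcilqqy.ini
[2008/05/25 13:31:38 | 04,296,181 | -HS- | C] () -- C:\WINDOWS\System32\poijskyr.ini
[2008/05/15 23:36:47 | 00,826,637 | -HS- | C] () -- C:\WINDOWS\System32\jRAJRXbc.ini2
[2006/11/19 00:44:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
"""

# [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O20 - Winlogon\Notify\<key>: DllName - <dll> - <resolved path or error>
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - "
    r"(?P<dll>.+?) - (?P<resolved>.+)$"
)
# Eight letters then .ini or .ini2: the naming pattern of the dropped files above.
RANDOM_INI_RE = re.compile(r"^[A-Za-z]{8}\.ini2?$")


def parse_file_entry(line):
    """Return the fields of a file/folder listing line, or None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"] or ""   # "()" or absent => no vendor
    return entry


def parse_notify_entry(line):
    """Return the fields of an O20 Winlogon\\Notify line, or None."""
    m = NOTIFY_RE.match(line.strip())
    return m.groupdict() if m else None


def is_suspicious_ini(entry):
    """Hidden + system attributes, no vendor, random 8-letter name, in System32."""
    folder, _, name = entry["path"].rpartition("\\")
    return (
        folder.lower().endswith("\\system32")
        and "H" in entry["attrs"] and "S" in entry["attrs"]
        and entry["company"] == ""
        and RANDOM_INI_RE.match(name) is not None
    )


def triage(log_text):
    """Scan report text and collect the two indicator classes."""
    findings = {"hidden_system_ini": [], "notify_missing_dll": [], "ini_days": 0}
    days = set()
    for line in log_text.splitlines():
        entry = parse_file_entry(line)
        if entry:
            if is_suspicious_ini(entry):
                findings["hidden_system_ini"].append(entry["path"])
                days.add(entry["date"])
            continue
        notify = parse_notify_entry(line)
        if notify and "File not found" in notify["resolved"]:
            findings["notify_missing_dll"].append(notify["key"])
    findings["ini_days"] = len(days)   # distinct creation dates: one per day here
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a full report, the distinct-date count makes the daily drop pattern obvious; the missing-DLL check is a cheap way to spot leftover Winlogon\Notify registrations after a partial cleanup.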
#4 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,528
  • Joined: 30-November 05

Posted 24 April 2009 - 01:04 PM

Hi, datdude30 :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double-click on combofix.exe & follow the prompts.
  • If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
  • Install the Recovery Console upon request.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

#5 datdude30

  • Group: Member
  • Posts: 27
  • Joined: 23-April 09

Posted 24 April 2009 - 02:21 PM

HERE IS THE COMBOFIX REPORT. HIJACKTHIS TO FOLLOW SHORTLY, HAVE TO INSTALL AND STUFF. NEVER DID IT B4, SORRY. IDK, NOOB :)

ComboFix 09-04-25.01 - HP_Administrator 04/24/2009 15:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.313 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\aGikTvut.ini
c:\windows\system32\aGikTvut.ini2
c:\windows\system32\aijttadi.ini
c:\windows\system32\auogpxmq.ini
c:\windows\system32\bbbrrent.ini
c:\windows\system32\bhdapwvr.ini
c:\windows\system32\bkdxcibg.ini
c:\windows\system32\cfxrmpyk.ini
c:\windows\system32\dnwbvroa.ini
c:\windows\system32\fbxjpweg.ini
c:\windows\system32\ftqhxena.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\hdcilqqy.ini
c:\windows\system32\htljcmrc.ini
c:\windows\system32\hxdutswe.ini
c:\windows\system32\ihulseqs.ini
c:\windows\system32\ixfhdxti.ini
c:\windows\system32\jRAJRXbc.ini
c:\windows\system32\jRAJRXbc.ini2
c:\windows\system32\kcfbwjcm.ini
c:\windows\system32\knqixhdd.ini
c:\windows\system32\lgycyrjl.ini
c:\windows\system32\ltgobick.ini
c:\windows\system32\nbsfunrw.ini
c:\windows\system32\ntrrwjkb.ini
c:\windows\system32\oshpdsxc.ini
c:\windows\system32\pahejofm.ini
c:\windows\system32\poijskyr.ini
c:\windows\system32\ppcircuy.ini
c:\windows\system32\pspwnbtj.ini
c:\windows\system32\ptwtictv.ini
c:\windows\system32\qeorqyto.ini
c:\windows\system32\rphntfvd.ini
c:\windows\system32\svwlcsui.ini
c:\windows\system32\swrupciu.ini
c:\windows\system32\tctswpou.ini
c:\windows\system32\ursclipo.ini
c:\windows\system32\vhixfeic.ini
c:\windows\system32\wmytpald.ini
c:\windows\system32\wsbdbnjq.ini
c:\windows\system32\wvmhvngs.ini
c:\windows\system32\xjtghmlx.ini
c:\windows\system32\xmliehsy.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.

2009-04-23 20:20 . 2009-04-24 18:28 -------- d--h--w C:\$AVG8.VAULT$
2009-04-23 20:11 . 2009-04-24 14:02 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-23 20:11 . 2009-04-24 14:01 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-23 20:11 . 2009-04-24 14:02 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-23 20:11 . 2009-04-24 14:02 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-23 20:11 . 2009-04-24 14:03 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-23 20:10 . 2009-04-23 20:10 -------- d-----w c:\program files\AVG
2009-04-23 20:10 . 2009-04-24 16:03 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-20 19:42 . 2004-03-09 06:00 124688 ----a-w c:\windows\system32\MSWinSck.ocx
2009-04-20 19:42 . 2007-06-08 18:53 1753088 ----a-w c:\windows\system32\ExGrid.dll
2009-04-20 19:42 . 2007-06-05 15:20 602112 ----a-w c:\windows\system32\ExMenu.dll
2009-04-20 19:42 . 2007-04-03 21:51 614400 ----a-w c:\windows\system32\ExButton.dll
2009-04-20 19:42 . 2007-06-05 15:19 516096 ----a-w c:\windows\system32\ExTab.dll
2009-04-20 19:42 . 2007-04-03 21:51 307200 ----a-w c:\windows\system32\ExPMenu.dll
2009-04-20 19:42 . 2005-10-11 19:40 356352 ----a-w c:\windows\system32\eSellerateEngine.dll
2009-04-20 19:42 . 2005-10-04 13:11 118784 ----a-w c:\windows\system32\eWebControl.dll
2009-04-20 19:42 . 2009-04-20 19:42 -------- d-----w c:\program files\Common Files\eSellerate
2009-04-20 19:41 . 2009-04-20 19:41 -------- d-----w c:\program files\AnswersThatWork
2009-04-20 13:33 . 2009-04-20 13:33 -------- d-sh--w C:\found.000
2009-04-20 01:17 . 2009-04-20 03:15 -------- d-----w c:\documents and settings\All Users\Application Data\Rising
2009-04-20 01:02 . 2009-04-23 20:05 -------- d-----w c:\program files\Sophos
2009-04-19 16:52 . 2009-04-19 16:52 -------- d-----w c:\program files\Lavasoft
2009-04-19 16:44 . 2009-04-19 17:05 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 20:24 . 2009-04-19 13:56 -------- d-----w C:\temp
2009-04-03 07:16 . 2009-03-09 20:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-04-03 07:16 . 2009-03-09 20:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-03 07:16 . 2009-03-09 20:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-04-03 07:16 . 2009-03-16 19:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-04-03 07:16 . 2009-03-16 19:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-04-03 07:16 . 2009-03-16 19:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-04-03 07:15 . 2009-03-16 19:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-02 23:46 . 2009-03-09 07:53 73728 ----a-w c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 20:01 . 2008-10-20 22:07 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-04-24 03:34 . 2007-06-02 02:18 -------- d-----w c:\program files\PeerGuardian2
2009-04-23 14:51 . 2007-01-01 21:02 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-22 19:01 . 2007-01-06 00:00 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Vso
2009-04-22 02:41 . 2007-05-31 19:33 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-21 15:15 . 2008-12-06 02:59 144637 ----a-w c:\windows\hpwins16.dat
2009-04-20 15:38 . 2008-04-19 15:27 -------- d-----w c:\program files\Flock
2009-04-19 16:48 . 2007-01-16 00:06 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Lavasoft
2009-04-19 16:41 . 2009-02-14 16:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-19 16:14 . 2008-07-30 20:50 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 23:46 . 2007-01-17 06:19 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Netscape
2009-04-18 23:21 . 2006-12-24 02:43 120496 -c--a-w c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 20:32 . 2006-11-19 05:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 20:32 . 2006-11-19 04:54 -------- d-----w c:\program files\HP
2009-04-18 20:31 . 2006-11-19 05:08 -------- d-----w c:\program files\Hewlett-Packard
2009-04-18 13:29 . 2008-09-23 00:39 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 19:34 . 2006-12-29 17:04 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-16 23:49 . 2007-07-27 19:46 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\dvdcss
2009-04-02 23:46 . 2006-11-19 04:33 -------- d-----w c:\program files\Java
2009-03-26 21:49 . 2008-07-30 20:50 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 21:49 . 2008-07-30 20:50 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-21 14:18 . 2004-08-09 21:00 986112 ----a-w c:\windows\system32\dllcache\kernel32.dll
2009-03-11 15:44 . 2006-12-24 03:26 7829 -c--a-w c:\windows\mozver.dat
2009-03-09 10:19 . 2008-12-15 04:35 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2004-08-09 21:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 14:44 . 2004-08-09 21:00 283648 ----a-w c:\windows\system32\dllcache\pdh.dll
2009-03-04 03:16 . 2009-01-25 17:11 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2009-03-03 22:51 . 2009-03-02 21:08 -------- d-----w c:\program files\WinAVI Video Converter
2009-03-03 18:37 . 2009-03-03 18:37 358400 ----a-w c:\windows\system32\drivers\EagleNt.sys
2009-03-03 18:33 . 2009-03-03 18:33 -------- d-----w c:\program files\Gamescampus
2009-02-15 17:54 . 2009-02-15 17:52 103812 ----a-w c:\windows\hpqins07.dat
2009-02-09 10:20 . 2004-08-09 21:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-09 21:00 723456 ----a-w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 10:20 . 2004-08-09 21:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-09 21:00 399360 ----a-w c:\windows\system32\dllcache\rpcss.dll
2009-02-09 10:20 . 2004-08-10 04:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2004-08-10 04:00 714752 ----a-w c:\windows\system32\dllcache\ntdll.dll
2009-02-09 10:20 . 2004-08-09 21:00 616960 ----a-w c:\windows\system32\dllcache\advapi32.dll
2009-02-09 10:20 . 2004-08-09 21:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-09 21:00 473088 ----a-w c:\windows\system32\dllcache\fastprox.dll
2009-02-09 10:20 . 2004-08-09 21:00 453120 ----a-w c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 10:19 . 2004-08-09 21:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:19 . 2004-08-09 21:00 1846272 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-06 17:24 . 2006-12-19 14:17 2180480 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 17:22 . 2006-12-19 14:15 2136064 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 17:22 . 2004-08-10 04:00 2136064 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2004-08-09 21:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 17:14 . 2004-08-09 21:00 110592 ----a-w c:\windows\system32\dllcache\services.exe
2009-02-06 16:54 . 2004-08-09 21:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:54 . 2004-08-09 21:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 16:49 . 2006-12-19 12:55 2015744 ----a-w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 16:49 . 2006-12-19 12:55 2057728 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 16:49 . 2004-08-10 04:00 2015744 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 16:39 . 2004-08-09 21:00 227840 ----a-w c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 20:08 . 2004-08-09 21:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-03 20:08 . 2004-08-09 21:00 55808 ----a-w c:\windows\system32\dllcache\secur32.dll
2007-01-06 00:00 . 2007-01-06 00:00 87608 -c--a-w c:\documents and settings\HP_Administrator\Application Data\ezpinst.exe
2007-01-06 00:00 . 2007-01-06 00:00 47360 -c--a-w c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys
2006-12-29 03:00 . 2006-12-29 03:00 3056656 -c--a-w c:\program files\LS_Update_1.4.124.1_.exe
2006-12-24 04:20 . 2006-12-24 02:43 139 -c--a-w c:\documents and settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2005-10-31 15:56 . 2005-10-31 15:56 700416 -c--a-w c:\program files\StubInstaller.exe
2008-07-12 20:2008-04-19 15:06 30:56 . c:\program files\mozilla firefox\components\jar50.dll
2008-07-12 20:2008-04-19 15:06 30:56 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-12 20:2008-04-19 15:06 30:57 . c:\program files\mozilla firefox\components\myspell.dll
2008-07-12 20:2008-04-19 15:06 30:57 . c:\program files\mozilla firefox\components\spellchk.dll
2008-07-12 20:2008-04-19 15:06 30:57 . c:\program files\mozilla firefox\components\xpinstal.dll
2008-11-29 20:21 . 2008-11-29 20:21 373248 --sha-w c:\windows\system32\11E.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-11-12 9495832]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-24 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-24 14:02 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli moladim.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winni77.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
backup=c:\windows\pss\dlbcserv.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"abbyy.licensing.finereader.professional.9.0"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AnswersThatWork\\Troubleshooter\\UltimateTroubleshooter.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\RegCure\\RegCure.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 winni77;winni77; [x]
R2 acpi32;acpi32; [x]
R2 amd64si;amd64si; [x]
R2 ati64si;ati64si; [x]
R2 fips32cup;fips32cup; [x]
R2 i386si;i386si; [x]
R2 ksi32sk;ksi32sk; [x]
R2 netsik;netsik; [x]
R2 nicsk32;nicsk32; [x]
R2 npggsvc;npggsvc;c:\windows\system32\GameMon.des [2009-02-15 2794234]
R2 port135sik;port135sik; [x]
R2 securentm;securentm; [x]
R2 ws2_32sik;ws2_32sik; [x]
R4 VundoFixSvc;VundoFixSvc; [x]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-24 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-24 325896]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-24 108552]
S1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2004-08-18 58016]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-24 298776]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2006-06-06 22:45]

2009-04-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2006-06-06 22:45]

2009-04-15 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-11-12 02:28]

2007-11-12 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-11-12 02:28]
.
- - - - ORPHANS REMOVED - - - -

BHO-{F739044E-BE0A-4AFA-A134-4918FCB8B393} - (no file)
HKCU-Run-HP_Administrator - c:\documents and settings\HP_Administrator\HP_Administrator.exe
HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-PC Alarm Clock - (no file)
Notify-byXoMeeC - byXoMeeC.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: trymedia.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 15:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1156)
c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(760)
c:\windows\system32\EntApi.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\program files\Gateway\EzTune\DTSRVC.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-04-24 15:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-24 20:16

Pre-Run: 123,652,808,704 bytes free
Post-Run: 123,522,134,016 bytes free

333 --- E O F --- 2009-04-24 03:36

#6 datdude30

  • Group: Member
  • Posts: 27
  • Joined: 23-April 09

Posted 24 April 2009 - 03:34 PM

HERE IS THE HIJACKTHIS LOGFILE:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:59 PM, on 4/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=71067
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: aawservice - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npggsvc - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 10332 bytes

#7 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,528
  • Joined: 30-November 05

Posted 24 April 2009 - 04:47 PM

Hi, datdude30 :)

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop

Quote

File::
c:\windows\system32\11E.tmp

Driver::
winni77
acpi32
amd64si
ati64si
fips32cup
i386si
ksi32sk
netsik
nicsk32
npggsvc
port135sik
securentm
ws2_32sik
VundoFixSvc

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winni77.sys]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-


Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a HijackThis log.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java, to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")
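
The Registry:: block in the script above resets the LSA "Notification Packages" value, which the earlier ComboFix report showed as `scecli moladim.dll`, to the stock `scecli` entry written as a REGEDIT4-style hex(7) REG_MULTI_SZ (one byte per character, each string NUL-terminated, one extra NUL closing the list), and the Driver:: block names the services the report listed with no image path (`[x]`). Every DLL in that LSA value is loaded by lsass.exe at boot, which is why an unexpected entry there matters. The Python below is an added example, not part of this thread or of ComboFix: it decodes and re-encodes that hex(7) value and runs the same two checks over a few constructed report lines modelled on the log above. The assumption that a stock Windows XP installation lists only `scecli` in this value is mine, as is the report sample.

```python
"""Decode the CFScript hex(7) value and audit LSA packages / pathless
services from ComboFix-style report lines. Added example for this thread,
not ComboFix's or the forum's own code."""

import re
from typing import List

# Constructed sample, modelled on the "Reg Loading Points" and service
# sections of the ComboFix report posted above.
SAMPLE_REPORT = """\
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
Notification Packages REG_MULTI_SZ scecli moladim.dll

R0 winni77;winni77; [x]
R2 acpi32;acpi32; [x]
R2 npggsvc;npggsvc;c:\\windows\\system32\\GameMon.des [2009-02-15 2794234]
S2 avg8wd;AVG8 WatchDog;c:\\progra~1\\AVG\\AVG8\\avgwdsvc.exe [2009-04-24 298776]
"""

# Assumption: a stock Windows XP install carries only scecli here.
DEFAULT_LSA_PACKAGES = {"scecli"}


def decode_hex7(value: str) -> List[str]:
    """Turn a REGEDIT4 hex(7) literal (REG_MULTI_SZ, one byte per
    character, NUL after each string, extra NUL at the end) into the
    list of strings it encodes."""
    if not value.startswith("hex(7):"):
        raise ValueError("not a hex(7) value")
    body = value[len("hex(7):"):].replace("\\\n", "").replace(" ", "")
    raw = bytes(int(h, 16) for h in body.split(",") if h)
    # Splitting on NUL leaves empty strings for the terminators; drop them.
    return [s for s in raw.decode("latin-1").split("\x00") if s]


def encode_hex7(strings: List[str]) -> str:
    """Inverse of decode_hex7: the literal a CFScript or .reg file would
    carry for the given REG_MULTI_SZ contents."""
    raw = "".join(s + "\x00" for s in strings) + "\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw.encode("latin-1"))


def lsa_packages_from_report(report: str) -> List[str]:
    """ComboFix prints the value name, its type, then the entries separated
    by spaces; return the entries."""
    for line in report.splitlines():
        if line.startswith("Notification Packages REG_MULTI_SZ"):
            return line.split("REG_MULTI_SZ", 1)[1].split()
    return []


def suspicious_lsa_packages(report: str) -> List[str]:
    """Entries outside the default set: DLLs lsass.exe would load at boot."""
    return [p for p in lsa_packages_from_report(report)
            if p.lower() not in DEFAULT_LSA_PACKAGES]


# "R2 name;display;path [date size]" or "... ; [x]" when no file exists.
SERVICE_LINE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")


def pathless_services(report: str) -> List[str]:
    """Services/drivers ComboFix marks '[x]': registered to start but with
    no image on disk, the pattern the Driver:: block of the script removes."""
    found = []
    for line in report.splitlines():
        m = SERVICE_LINE.match(line)
        if m and m.group(4).strip() == "[x]":
            found.append(m.group(2))
    return found


def cfscript_registry_fix(report: str) -> str:
    """Registry:: line that keeps only the default packages actually present."""
    keep = [p for p in lsa_packages_from_report(report)
            if p.lower() in DEFAULT_LSA_PACKAGES]
    return '"Notification Packages"=' + encode_hex7(keep)


if __name__ == "__main__":
    print("script value decodes to:", decode_hex7("hex(7):73,63,65,63,6c,69,00,00"))
    print("unexpected LSA packages:", suspicious_lsa_packages(SAMPLE_REPORT))
    print("pathless services:", pathless_services(SAMPLE_REPORT))
    print("fix line:", cfscript_registry_fix(SAMPLE_REPORT))
```

Running it against the constructed sample flags `moladim.dll` as the non-default LSA package, lists `winni77` and `acpi32` as pathless services, and regenerates exactly the `"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00` line used in the script above, which shows that the fix keeps `scecli` and drops only the unexpected DLL.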


#8 datdude30

  • Group: Member
  • Posts: 27
  • Joined: 23-April 09

Posted 24 April 2009 - 05:14 PM

Here is the new combo log. I HAVEN'T DONE THE KASPERSKY SCAN YET THOUGH. HIJACKTHIS TO FOLLOW. THANKS

ComboFix 09-04-25.03 - HP_Administrator 04/24/2009 17:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.311 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\11E.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\11E.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Legacy_AMD64SI
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_NPGGSVC
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_VUNDOFIXSVC
-------\Legacy_winni77
-------\Legacy_WS2_32SIK
-------\Service_acpi32
-------\Service_amd64si
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_i386si
-------\Service_ksi32sk
-------\Service_netsik
-------\Service_nicsk32
-------\Service_npggsvc
-------\Service_port135sik
-------\Service_securentm
-------\Service_VundoFixSvc
-------\Service_winni77
-------\Service_ws2_32sik


((((((((((((((((((((((((( Files Created from 2009-05-24 to 2009-4-24 )))))))))))))))))))))))))))))))
.

2009-04-24 22:30 . 2009-04-24 22:30 42 ----a-w c:\windows\system32\AK083E209605E394C.lie
2009-04-24 22:30 . 2009-04-24 22:33 -------- d-----w c:\program files\Perfect Uninstaller
2009-04-24 21:33 . 2009-04-24 21:33 -------- d-----w c:\program files\Trend Micro
2009-04-23 20:20 . 2009-04-24 18:28 -------- d--h--w C:\$AVG8.VAULT$
2009-04-23 20:11 . 2009-04-24 14:02 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-23 20:11 . 2009-04-24 14:01 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-23 20:11 . 2009-04-24 14:02 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-23 20:11 . 2009-04-24 14:02 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-23 20:11 . 2009-04-24 14:03 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-23 20:10 . 2009-04-23 20:10 -------- d-----w c:\program files\AVG
2009-04-23 20:10 . 2009-04-24 16:03 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-20 19:42 . 2004-03-09 06:00 124688 ----a-w c:\windows\system32\MSWinSck.ocx
2009-04-20 19:42 . 2007-06-08 18:53 1753088 ----a-w c:\windows\system32\ExGrid.dll
2009-04-20 19:42 . 2007-06-05 15:20 602112 ----a-w c:\windows\system32\ExMenu.dll
2009-04-20 19:42 . 2007-04-03 21:51 614400 ----a-w c:\windows\system32\ExButton.dll
2009-04-20 19:42 . 2007-06-05 15:19 516096 ----a-w c:\windows\system32\ExTab.dll
2009-04-20 19:42 . 2007-04-03 21:51 307200 ----a-w c:\windows\system32\ExPMenu.dll
2009-04-20 19:42 . 2005-10-11 19:40 356352 ----a-w c:\windows\system32\eSellerateEngine.dll
2009-04-20 19:42 . 2005-10-04 13:11 118784 ----a-w c:\windows\system32\eWebControl.dll
2009-04-20 19:42 . 2009-04-20 19:42 -------- d-----w c:\program files\Common Files\eSellerate
2009-04-20 19:41 . 2009-04-20 19:41 -------- d-----w c:\program files\AnswersThatWork
2009-04-20 13:33 . 2009-04-20 13:33 -------- d-sh--w C:\found.000
2009-04-20 01:17 . 2009-04-20 03:15 -------- d-----w c:\documents and settings\All Users\Application Data\Rising
2009-04-20 01:02 . 2009-04-23 20:05 -------- d-----w c:\program files\Sophos
2009-04-19 16:52 . 2009-04-19 16:52 -------- d-----w c:\program files\Lavasoft
2009-04-19 16:44 . 2009-04-19 17:05 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-18 20:24 . 2009-04-19 13:56 -------- d-----w C:\temp
2009-04-03 07:16 . 2009-03-09 20:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-04-03 07:16 . 2009-03-09 20:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-03 07:16 . 2009-03-09 20:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-04-03 07:16 . 2009-03-16 19:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-04-03 07:16 . 2009-03-16 19:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-04-03 07:16 . 2009-03-16 19:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-04-03 07:15 . 2009-03-16 19:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-02 23:46 . 2009-03-09 07:53 73728 ----a-w c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 20:01 . 2008-10-20 22:07 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
2009-04-24 03:34 . 2007-06-02 02:18 -------- d-----w c:\program files\PeerGuardian2
2009-04-23 14:51 . 2007-01-01 21:02 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-22 19:01 . 2007-01-06 00:00 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Vso
2009-04-22 02:41 . 2007-05-31 19:33 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-21 15:15 . 2008-12-06 02:59 144637 ----a-w c:\windows\hpwins16.dat
2009-04-20 15:38 . 2008-04-19 15:27 -------- d-----w c:\program files\Flock
2009-04-19 16:48 . 2007-01-16 00:06 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Lavasoft
2009-04-19 16:41 . 2009-02-14 16:41 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-19 16:14 . 2008-07-30 20:50 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-18 23:46 . 2007-01-17 06:19 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Netscape
2009-04-18 23:21 . 2006-12-24 02:43 120496 -c--a-w c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 20:32 . 2006-11-19 05:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 20:32 . 2006-11-19 04:54 -------- d-----w c:\program files\HP
2009-04-18 20:31 . 2006-11-19 05:08 -------- d-----w c:\program files\Hewlett-Packard
2009-04-18 13:29 . 2008-09-23 00:39 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-17 19:34 . 2006-12-29 17:04 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-04-16 23:49 . 2007-07-27 19:46 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\dvdcss
2009-04-02 23:46 . 2006-11-19 04:33 -------- d-----w c:\program files\Java
2009-03-26 21:49 . 2008-07-30 20:50 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 21:49 . 2008-07-30 20:50 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-21 14:18 . 2004-08-09 21:00 986112 ----a-w c:\windows\system32\dllcache\kernel32.dll
2009-03-11 15:44 . 2006-12-24 03:26 7829 -c--a-w c:\windows\mozver.dat
2009-03-09 10:19 . 2008-12-15 04:35 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:44 . 2004-08-09 21:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-06 14:44 . 2004-08-09 21:00 283648 ----a-w c:\windows\system32\dllcache\pdh.dll
2009-03-04 03:16 . 2009-01-25 17:11 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Ventrilo
2009-03-03 22:51 . 2009-03-02 21:08 -------- d-----w c:\program files\WinAVI Video Converter
2009-03-03 18:37 . 2009-03-03 18:37 358400 ----a-w c:\windows\system32\drivers\EagleNt.sys
2009-03-03 18:33 . 2009-03-03 18:33 -------- d-----w c:\program files\Gamescampus
2009-02-15 17:54 . 2009-02-15 17:52 103812 ----a-w c:\windows\hpqins07.dat
2009-02-09 10:20 . 2004-08-09 21:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-09 21:00 723456 ----a-w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 10:20 . 2004-08-09 21:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-09 21:00 399360 ----a-w c:\windows\system32\dllcache\rpcss.dll
2009-02-09 10:20 . 2004-08-10 04:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2004-08-10 04:00 714752 ----a-w c:\windows\system32\dllcache\ntdll.dll
2009-02-09 10:20 . 2004-08-09 21:00 616960 ----a-w c:\windows\system32\dllcache\advapi32.dll
2009-02-09 10:20 . 2004-08-09 21:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-09 21:00 473088 ----a-w c:\windows\system32\dllcache\fastprox.dll
2009-02-09 10:20 . 2004-08-09 21:00 453120 ----a-w c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-09 10:19 . 2004-08-09 21:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:19 . 2004-08-09 21:00 1846272 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-06 17:24 . 2006-12-19 14:17 2180480 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 17:22 . 2006-12-19 14:15 2136064 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 17:22 . 2004-08-10 04:00 2136064 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2004-08-09 21:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 17:14 . 2004-08-09 21:00 110592 ----a-w c:\windows\system32\dllcache\services.exe
2009-02-06 16:54 . 2004-08-09 21:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:54 . 2004-08-09 21:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 16:49 . 2006-12-19 12:55 2015744 ----a-w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 16:49 . 2006-12-19 12:55 2057728 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 16:49 . 2004-08-10 04:00 2015744 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 16:39 . 2004-08-09 21:00 227840 ----a-w c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 20:08 . 2004-08-09 21:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-03 20:08 . 2004-08-09 21:00 55808 ----a-w c:\windows\system32\dllcache\secur32.dll
2007-01-06 00:00 . 2007-01-06 00:00 87608 -c--a-w c:\documents and settings\HP_Administrator\Application Data\ezpinst.exe
2007-01-06 00:00 . 2007-01-06 00:00 47360 -c--a-w c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys
2006-12-29 03:00 . 2006-12-29 03:00 3056656 -c--a-w c:\program files\LS_Update_1.4.124.1_.exe
2006-12-24 04:20 . 2006-12-24 02:43 139 -c--a-w c:\documents and settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
2005-10-31 15:56 . 2005-10-31 15:56 700416 -c--a-w c:\program files\StubInstaller.exe
2008-07-12 20:30:56 . 2008-04-19 15:06 c:\program files\mozilla firefox\components\jar50.dll
2008-07-12 20:30:56 . 2008-04-19 15:06 c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-12 20:30:57 . 2008-04-19 15:06 c:\program files\mozilla firefox\components\myspell.dll
2008-07-12 20:30:57 . 2008-04-19 15:06 c:\program files\mozilla firefox\components\spellchk.dll
2008-07-12 20:30:57 . 2008-04-19 15:06 c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpeedUpMyPC"="c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-11-12 9495832]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-18 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-24 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-24 14:02 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
backup=c:\windows\pss\dlbcserv.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"abbyy.licensing.finereader.professional.9.0"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AnswersThatWork\\Troubleshooter\\UltimateTroubleshooter.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\RegCure\\RegCure.exe"=
"c:\\WINDOWS\\ehome\\ehtray.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-24 12552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-24 325896]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-24 108552]
S1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2004-08-18 58016]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-24 298776]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ENTDRV51

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2006-06-06 22:45]

2009-04-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2006-06-06 22:45]

2009-04-15 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-11-12 02:28]

2007-11-12 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-11-12 02:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: trymedia.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 18:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1152)
c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(1264)
c:\windows\system32\EntApi.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\program files\Gateway\EzTune\DTSRVC.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-04-24 18:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-24 23:12
ComboFix2.txt 2009-04-24 20:16

Pre-Run: 123,584,180,224 bytes free
Post-Run: 123,564,777,472 bytes free

297 --- E O F --- 2009-04-24 03:36

#9 datdude30

  • Group: Member
  • Posts: 27
  • Joined: 23-April 09

Posted 24 April 2009 - 05:15 PM

NEW HIJACKTHIS---I WILL NOW DO THE KASPERSKY SCAN

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:55 PM, on 4/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Gateway\EzTune\DTSRVC.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Flock\flock\flock.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=71067
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: aawservice - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Gateway\EzTune\DTSRVC.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 10272 bytes

#10 datdude30

  • Group: Member
  • Posts: 27
  • Joined: 23-April 09

Posted 24 April 2009 - 05:38 PM

Won't let me install Java 13----says: Error 25099. Unzipping core files failed-----hmmmmmmm

#11 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,528
  • Joined: 30-November 05

Posted 24 April 2009 - 07:45 PM

datdude30, on Apr 24 2009, 07:38 PM, said:

Won't let me install Java 13----says: Error 25099. Unzipping core files failed-----hmmmmmmm

Which version was installed on your computer? Attempt to download JRE Version 10.

#12 datdude30

  • Group: Member
  • Posts: 27
  • Joined: 23-April 09

Posted 24 April 2009 - 07:50 PM

OK, downloading now. Anything else I need to do other than run Kaspersky? How are the logs looking---is it getting there? What do you know so far, bro.

#13 datdude30

  • Group: Member
  • Posts: 27
  • Joined: 23-April 09

Posted 24 April 2009 - 07:52 PM

Grr, now it says Internal Error 2753. regutils.dll

#14 JSntgRvr

  • Group: Global Moderator
  • Posts: 9,528
  • Joined: 30-November 05

Posted 24 April 2009 - 07:53 PM

Seems clear at this point. The system was infected with Trojan Vundo.

#15 datdude30

  • Group: Member
  • Posts: 27
  • Joined: 23-April 09

Posted 24 April 2009 - 07:56 PM

Yeah, version ten isn't working either. Don't know if you got that last reply. Dang, idk.
