Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hijackthis please help

Started by tommusto , Jun 10 2009 02:32 PM

  • Please log in to reply

#1
tommusto
Posted 10 June 2009 - 02:32 PM

tommusto

    New Member

  • Member
  • Pip
  • 7 posts
My computer has been running really slow. I used avg and trend micro to scan. google links keep sending my to "ivillage.com" and windowsclick

Please look at my log and tell me if i have something please. thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:58 PM, on 6/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [realteke] "C:\Documents and Settings\Compaq_Administrator\Application Data\Google\cijwg16225165.exe" 2
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecu...vex/TmHcmsX.CAB
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {a844f589-ebf7-4501-9f42-fe03e65a4333} - C:\WINDOWS\system32\msiebbar.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11249 bytes
  • 0

Advertisements

#2
kahdah
Posted 10 June 2009 - 05:09 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello tommusto

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
tommusto
Posted 10 June 2009 - 11:29 PM

tommusto

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ok here it is...it took forever


OTL logfile created on: 6/10/2009 10:22:40 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\61SPGGIL
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 56.18% Memory free
3.78 Gb Paging File | 2.99 Gb Available in Paging File | 79.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 55.41 Gb Free Space | 24.70% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.55 Gb Free Space | 6.46% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Internet Explorer\Iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\61SPGGIL\OTL[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMNDIS5 [On_Demand | Stopped]) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (winachsx [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (727 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [realteke] "C:\Documents and Settings\Compaq_Administrator\Application Data\Google\cijwg16225165.exe" 2 File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl (America Online, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecu...vex/TmHcmsX.CAB (TmHcmsX Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msansspc.dll) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/31 00:02:02 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{3eda8328-0c05-11dc-aff1-0018f3956ebf}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/09 01:26:07 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/06/09 03:24:48 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/09 03:22:47 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/09 03:22:47 | 00,001,515 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/09 03:22:44 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/09 03:22:36 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/09 03:22:34 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/09 03:22:29 | 37,018,729 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/09 03:22:29 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/09 03:22:29 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/09 03:22:29 | 00,070,980 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/09 03:22:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/09 03:22:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVGTOOLBAR
[2009/06/09 03:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/09 03:22:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/08 23:32:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/08 23:21:35 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/08 23:21:26 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/06/08 23:18:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/08 23:18:32 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/06/08 23:18:28 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/06/08 23:18:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/31 23:23:33 | 00,751,850 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/05/31 23:11:03 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.lnk
[2009/05/31 23:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/31 21:33:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Ringtones
[2009/05/31 20:31:55 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\mp3DirectCut.lnk
[2009/05/31 20:31:54 | 00,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2009/05/31 20:05:45 | 00,004,941 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Phone Contacts list.rtf
[2008/01/22 00:47:53 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/02/01 00:05:51 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/22 21:17:37 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/21 21:37:34 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/09/25 23:02:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/25 22:35:55 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/25 22:28:44 | 00,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/25 22:28:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/25 22:25:34 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/25 22:16:34 | 00,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/25 22:15:20 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/25 22:10:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/25 22:06:43 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/25 22:06:43 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/25 22:06:43 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/25 22:06:42 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/25 22:06:42 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/25 22:06:42 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/25 22:06:42 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/25 22:05:29 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/25 21:44:30 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/25 21:44:30 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/25 21:44:14 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 14:58:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:02:00 | 00,000,562 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 16:52:36 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 10:51:38 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[164 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/06/10 22:01:43 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/06/10 22:00:56 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/10 21:59:01 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/10 21:58:07 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/10 21:57:58 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\desktop.ini
[2009/06/10 21:57:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/10 21:57:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/10 21:57:49 | 20,788,55168 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/10 14:47:16 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\iTunes.lnk
[2009/06/10 09:17:46 | 37,018,729 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/10 09:17:10 | 00,070,980 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/09 23:56:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/09 03:22:47 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/09 03:22:47 | 00,001,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/09 03:22:44 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/09 03:22:36 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/09 03:22:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/09 03:22:29 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/09 03:22:29 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/09 01:26:07 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/06/08 23:21:35 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/08 23:21:20 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/08 23:21:09 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/06/08 23:18:32 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/06/06 07:23:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/31 23:24:20 | 00,751,850 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/05/31 23:11:03 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.lnk
[2009/05/31 20:31:55 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\mp3DirectCut.lnk
[2009/05/31 20:05:45 | 00,004,941 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Phone Contacts list.rtf
[2009/05/30 09:25:15 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2009/06/09 03:22:19 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/22 15:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/06/08 23:18:34 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/22 23:59:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/01/30 00:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/01/22 21:18:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/01/22 21:19:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/08/26 12:58:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/01/22 20:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/06/09 03:22:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2006/09/25 22:22:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2006/09/25 22:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2006/09/25 22:54:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2007/01/21 21:43:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/11/06 22:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2006/09/25 22:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2006/09/25 22:25:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/06/08 23:21:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2007/01/22 23:29:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/01/18 22:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/18 22:07:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/03/12 21:56:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/05/31 23:28:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2008/10/22 21:54:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2008/10/22 22:02:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2006/09/25 22:06:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/09/25 22:11:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/06/09 01:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/22 22:12:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2008/01/28 23:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/18 23:22:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/01/21 20:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/10/14 21:57:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/10/14 21:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2009/06/09 03:22:29 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data
[2009/04/22 23:59:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
[2009/01/18 19:12:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM
[2009/01/18 19:12:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Ahead
[2007/01/30 00:25:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Aim
[2009/01/18 19:12:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Apple Computer
[2009/01/18 19:12:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ArcSoft
[2009/06/10 00:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVGTOOLBAR
[2007/02/06 00:21:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\CyberLink
[2009/06/10 22:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\DNA
[2008/11/06 22:49:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\GARMIN
[2009/01/18 23:04:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Google
[2007/01/23 00:00:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Help
[2007/01/21 22:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HP
[2007/01/28 12:48:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\HPQ
[2005/11/14 21:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Identities
[2006/09/25 22:25:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
[2007/01/22 21:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2007/01/21 22:06:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia
[2009/01/18 22:28:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
[2009/06/09 03:21:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft
[2008/03/12 21:56:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\NCH Swift Sound
[2007/03/08 00:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\NeroDCTemplates
[2007/01/22 22:16:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Real
[2007/01/22 21:28:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Sonic
[2007/01/21 22:05:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Sun
[2007/01/22 22:26:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Viewpoint
[2007/07/16 21:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2009/01/18 19:46:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Yahoo
[2008/10/14 21:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Yahoo!
[2009/06/08 23:21:35 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/06/06 07:23:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/06/10 22:00:56 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/06/10 21:57:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >


















GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-11 01:26:55
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 89E44010 ZwEnumerateKey
Code 89F26118 ZwFlushInstructionCache
Code 89EAF116 IofCallDriver
Code 89AA0676 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 89EAF11B
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 89AA067B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 89F2611C
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 89E44014

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[260] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A5000A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[260] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A1000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A2000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00F6F9F0 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F70A60 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00F708A0 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F70780 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00F6FDA0 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[444] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F6FFD0 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[496] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[496] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009C000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006E000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[536] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006F000A
.text C:\WINDOWS\arservice.exe[564] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008E000A
.text C:\WINDOWS\arservice.exe[564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008F000A
.text C:\Program Files\Messenger\msmsgs.exe[612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A
.text C:\Program Files\Messenger\msmsgs.exe[612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[620] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[620] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0072000A
.text C:\WINDOWS\ehome\ehtray.exe[692] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A
.text C:\WINDOWS\ehome\ehtray.exe[692] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A
.text C:\WINDOWS\RTHDCPL.EXE[704] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01A6000A
.text C:\WINDOWS\RTHDCPL.EXE[704] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 01A7000A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[724] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0095000A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[724] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096000A
.text C:\WINDOWS\ARPWRMSG.EXE[728] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0086000A
.text C:\WINDOWS\ARPWRMSG.EXE[728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0087000A
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0070000A
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0073000A
.text C:\WINDOWS\eHome\ehRecvr.exe[888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0062000A
.text C:\WINDOWS\eHome\ehRecvr.exe[888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0063000A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1128] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[1128] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[1148] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B7000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[1148] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B8000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008D000A
.text C:\Program Files\Windows Defender\MsMpEng.exe[1176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008E000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[1192] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B8000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[1192] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\WDBtnMgr.exe[1296] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\WDBtnMgr.exe[1296] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009E000A
.text C:\WINDOWS\eHome\ehSched.exe[1300] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0060000A
.text C:\WINDOWS\eHome\ehSched.exe[1300] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0061000A
.text C:\PROGRA~1\AIM\aim.exe[1504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A3000A
.text C:\PROGRA~1\AIM\aim.exe[1504] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A4000A
.text C:\WINDOWS\system32\spoolsv.exe[1664] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\spoolsv.exe[1664] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1724] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0073000A
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1724] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0074000A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1900] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B8000A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[1900] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B9000A
.text C:\Documents and Settings\Compaq_Administrator\My Documents\vhukjmfj.exe[1976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009F000A
.text C:\Documents and Settings\Compaq_Administrator\My Documents\vhukjmfj.exe[1976] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A0000A
.text C:\WINDOWS\eHome\ehmsas.exe[1980] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0087000A
.text C:\WINDOWS\eHome\ehmsas.exe[1980] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0088000A
.text C:\WINDOWS\Explorer.EXE[2044] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[2044] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\nvsvc32.exe[2060] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\nvsvc32.exe[2060] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006E000A
.text c:\windows\system\hpsysdrv.exe[2076] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0094000A
.text c:\windows\system\hpsysdrv.exe[2076] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0095000A
.text C:\Program Files\DNA\btdna.exe[2280] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A2000A
.text C:\Program Files\DNA\btdna.exe[2280] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A3000A
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2292] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A7000A
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2292] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A8000A
.text C:\WINDOWS\ehome\mcrdsvc.exe[2412] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0061000A
.text C:\WINDOWS\ehome\mcrdsvc.exe[2412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0062000A
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2640] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007C000A
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2640] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007D000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2668] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0074000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2668] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2684] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0076000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2684] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077000A
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D5000A
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D6000A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2900] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BB000A
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2900] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BD000A
.text C:\Program Files\Windows Defender\MSASCui.exe[2948] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D1000A
.text C:\Program Files\Windows Defender\MSASCui.exe[2948] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D2000A
.text C:\Program Files\iTunes\iTunesHelper.exe[2968] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BC000A
.text C:\Program Files\iTunes\iTunesHelper.exe[2968] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BD000A
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[3036] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CE000A
.text C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe[3036] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CF000A
.text C:\WINDOWS\notepad.exe[3064] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\WINDOWS\notepad.exe[3064] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3276] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0077000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[3276] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0078000A
.text C:\HP\KBD\KBD.EXE[3432] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0094000A
.text C:\HP\KBD\KBD.EXE[3432] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A1000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A2000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00EA000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00F6F9F0 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F70A60 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00F708A0 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F70780 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00F6FDA0 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3596] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F6FFD0 \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0099000A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3644] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009A000A
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[3668] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\My Book\WD Backup\uBBMonitor.exe[3668] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
.text C:\Program Files\iPod\bin\iPodService.exe[3772] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0076000A
.text C:\Program Files\iPod\bin\iPodService.exe[3772] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077000A
.text C:\WINDOWS\System32\alg.exe[3896] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0070000A
.text C:\WINDOWS\System32\alg.exe[3896] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0071000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [61119D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [61119C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61119601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [61119C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [61118BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [61119D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [61119C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61119601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [61119C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [61118BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [61119CC3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [61119D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [61119C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [61119C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61119601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61119218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61119218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61118B2C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61118AB0] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61118AEE] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [61118BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [61119C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [61119C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61119601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [61119D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [61119CC3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61118C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61118AEE] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61119218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61118B2C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61119218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61118BEF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61118AB0] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [61119C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[2888] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [61119601] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [444] 0x00F60000
Library \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [488] 0x00A10000
Library \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [488] 0x00AC0000
Library \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [992] 0x02E70000
Library \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1080] 0x00A10000
Library \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1080] 0x00AC0000
Library \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1220] 0x00A10000
Library \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1220] 0x00AC0000
Library \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1264] 0x00A10000
Library \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1264] 0x00AC0000
Library \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1372] 0x00A10000
Library \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1372] 0x00AC0000
Library \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2044] 0x00D10000
Library \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2136] 0x00A10000
Library \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2136] 0x00AC0000
Library \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2204] 0x00A10000
Library \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2204] 0x00AC0000
Library \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3596] 0x00F60000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACjvchcqhmxjcyqhf.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACjvchcqhmxjcyqhf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACjvchcqhmxjcyqhf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACyoglbyjbicatgpe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACgsnvdsbbpvwcbkv.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACsaglxerpfycwexe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvealkxejxixjflx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACgvtgybkarxnnvws.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACupvjrxjsttpdjiy.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACcpseminqdlyduug.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACupgytomjrhlnrqo.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACymgdryllhastuvf.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACjvchcqhmxjcyqhf.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACjvchcqhmxjcyqhf.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACyoglbyjbicatgpe.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACgsnvdsbbpvwcbkv.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACsaglxerpfycwexe.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACvealkxejxixjflx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACgvtgybkarxnnvws.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACupvjrxjsttpdjiy.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACfpcfxrxwqqaxdrb.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACnfoffypsfdhrvvf.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACcpseminqdlyduug.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACupgytomjrhlnrqo.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACymgdryllhastuvf.log

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\uacfpcfxrxwqqaxdrb.dll.f376ca4a672e76102b96ef6c3247e0.aawqff 30212 bytes
File C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\uacnfoffypsfdhrvvf.dll.8f64756049a5187f0355adf45677239.aawqff 66564 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\UAC38b3.tmp 343040 bytes executable
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\iframex[1].js 8027 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\ads_feedback_sprite[1].gif 544 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\3ev5w1rjftmoo8so.pkg[1].js 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\b4qu3ahvuy0oowwk.pkg[1].js 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\base[1].js 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\q1296468749_9056[1].jpg 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\q582861017_9436[1].jpg 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\4w0b6re0rcowksk8.pkg[1].js 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\ak27qgirdg8cwssg.pkg[1].js 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\app_full_proxy[1].jpg 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\ar2mnynbl5sk0cg4.pkg[1].js 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BI4IB1XR\chpyi0cgglwsw0sw.pkg[1].js 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BLJ3QD1C\q9310008_1101[1].jpg 2547 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BLJ3QD1C\UIGridRenderer[1].css 0 bytes
File C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\BLJ3QD1C\fbjs[1].js 0 bytes
File C:\WINDOWS\system32\drivers\UACjvchcqhmxjcyqhf.sys 53248 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACcpseminqdlyduug.log 21402 bytes
File C:\WINDOWS\system32\UACfpcfxrxwqqaxdrb.dll 30208 bytes executable
File C:\WINDOWS\system32\UACgsnvdsbbpvwcbkv.dat 224 bytes
File C:\WINDOWS\system32\UACgvtgybkarxnnvws.dll 19456 bytes executable
File C:\WINDOWS\system32\uacinit.dll 6117 bytes
File C:\WINDOWS\system32\UACnfoffypsfdhrvvf.dll 66560 bytes
File C:\WINDOWS\system32\UACsaglxerpfycwexe.dll 19968 bytes executable
File C:\WINDOWS\system32\uactmp.db 3976714 bytes
File C:\WINDOWS\system32\UACupvjrxjsttpdjiy.db 1110399 bytes
File C:\WINDOWS\system32\UACvealkxejxixjflx.dll 17408 bytes executable
File C:\WINDOWS\system32\UACyoglbyjbicatgpe.dll 25088 bytes executable
File C:\WINDOWS\Temp\UAC64b0.tmp 66560 bytes

---- EOF - GMER 1.0.15 ----
  • 0

#4
kahdah
Posted 11 June 2009 - 05:20 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
tommusto
Posted 11 June 2009 - 10:57 AM

tommusto

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
combofix is ot allowing me to open it up..its not working...i have malwarebytes also..and the computer doesnt allow me to open that program either
  • 0

#6
kahdah
Posted 11 June 2009 - 11:37 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Delete Combofix from off of your desktop then do the following:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

  • 0

#7
tommusto
Posted 11 June 2009 - 12:48 PM

tommusto

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ComboFix 09-06-11.03 - Compaq_Administrator 06/11/2009 14:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1495 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\kb913800.exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\drivers\UACjvchcqhmxjcyqhf.sys
c:\windows\system32\UACcpseminqdlyduug.log
c:\windows\system32\UACfpcfxrxwqqaxdrb.dll
c:\windows\system32\UACgsnvdsbbpvwcbkv.dat
c:\windows\system32\UACgvtgybkarxnnvws.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnfoffypsfdhrvvf.dll
c:\windows\system32\UACsaglxerpfycwexe.dll
c:\windows\system32\UACupgytomjrhlnrqo.log
c:\windows\system32\UACupvjrxjsttpdjiy.db
c:\windows\system32\UACvealkxejxixjflx.dll
c:\windows\system32\UACymgdryllhastuvf.log
c:\windows\system32\UACyoglbyjbicatgpe.dll
c:\windows\wiaservv.log
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
.

2009-06-09 07:24 . 2009-06-11 09:16 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-09 07:22 . 2009-06-09 07:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-09 07:22 . 2009-06-09 07:22 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-09 07:22 . 2009-06-09 07:22 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-09 07:22 . 2009-06-09 07:22 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-09 07:22 . 2009-06-11 13:39 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-09 07:22 . 2009-06-10 04:09 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVGTOOLBAR
2009-06-09 07:22 . 2009-06-09 07:22 -------- d-----w- c:\program files\AVG
2009-06-09 07:22 . 2009-06-09 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-09 03:32 . 2009-06-09 03:21 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-09 03:20 . 2009-06-09 03:20 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-09 03:18 . 2009-06-09 03:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-09 03:18 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-09 03:18 . 2009-06-09 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-09 03:18 . 2009-06-09 03:18 -------- d-----w- c:\program files\Lavasoft
2009-06-01 03:11 . 2009-06-01 03:11 -------- d-----w- c:\program files\Trend Micro
2009-06-01 00:31 . 2009-06-01 00:31 -------- d-----w- c:\program files\mp3DirectCut

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 18:27 . 2008-11-06 02:23 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DNA
2009-06-11 17:03 . 2008-11-06 02:23 -------- d-----w- c:\program files\DNA
2009-06-10 20:42 . 2007-01-23 00:44 -------- d-----w- c:\program files\Soulseek
2009-06-09 05:26 . 2007-04-18 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 05:26 . 2007-04-18 03:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 02:54 . 2008-07-08 21:30 -------- d-----w- c:\program files\Common
2009-06-01 03:28 . 2008-10-23 02:44 -------- d-----w- c:\program files\Norton AntiVirus
2009-06-01 03:28 . 2008-10-23 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-01 03:26 . 2006-09-26 02:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-30 13:25 . 2008-01-28 04:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-07 07:04 . 2007-09-30 02:47 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-04-13 05:24 . 2009-04-13 05:24 -------- d-----w- c:\program files\NortonInstaller
2009-03-22 19:07 . 2009-03-22 19:07 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"AIM"="c:\progra~1\AIM\aim.exe" [2004-12-08 67160]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-26 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-09 518488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-09 1947928]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2007-01-24 339968]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-25 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-25 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-22 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2007-1-23 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-09 07:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/8/2009 11:21 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/9/2009 3:22 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/9/2009 3:22 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/9/2009 3:22 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/9/2009 3:22 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 Bfcsdaac;Bfcsdaac; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:21]

2009-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-realteke - c:\documents and settings\Compaq_Administrator\Application Data\Google\cijwg16225165.exe
HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-11 14:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-11 14:38
ComboFix-quarantined-files.txt 2009-06-11 18:38

Pre-Run: 61,669,376,000 bytes free
Post-Run: 62,223,839,232 bytes free

203 --- E O F --- 2009-06-08 19:16
  • 0

#8
kahdah
Posted 11 June 2009 - 06:55 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTListIt.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0

#9
tommusto
Posted 11 June 2009 - 09:11 PM

tommusto

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Malwarebytes' Anti-Malware 1.37
Database version: 2265
Windows 5.1.2600 Service Pack 3

6/11/2009 11:00:49 PM
mbam-log-2009-06-11 (23-00-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 254574
Time elapsed: 52 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{331cf7ad-4ff8-47f8-bbfb-04eed85c4652} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{51c0946f-938e-4909-a128-8a2f688df31a} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f32d7d45-1750-48da-9cac-c6216972bb33} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\WINDOWS\system32\ConTest.dll (Adware.Ascentive) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\online services\PeoplePC\ISP5900\utilities\AtlBrowser.exe (Dialer) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACfpcfxrxwqqaxdrb.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACgvtgybkarxnnvws.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACnfoffypsfdhrvvf.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACsaglxerpfycwexe.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACvealkxejxixjflx.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACyoglbyjbicatgpe.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\drivers\UACjvchcqhmxjcyqhf.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP709\A0045774.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP709\A0045775.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP709\A0045776.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP709\A0045777.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP709\A0045778.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP709\A0045779.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{106cf321-99a3-4e3a-9103-1bd027606a99}\RP709\A0045780.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ConTest.dll (Adware.Ascentive) -> Quarantined and deleted successfully.




OTL logfile created on: 6/11/2009 11:09:38 PM - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 64.89% Memory free
3.78 Gb Paging File | 3.19 Gb Available in Paging File | 84.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.30 Gb Total Space | 57.84 Gb Free Space | 25.79% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.55 Gb Free Space | 6.46% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4DACD0EA75
Current User Name: Compaq_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
PRC - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ARSVC [Auto | Running]) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Symantec Core LC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSX_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ps2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMNDIS5 [On_Demand | Stopped]) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (winachsx [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (727 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE (Microsoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run (Hewlett-Packard Company)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [WD Button Manager] WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl (America Online, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} http://www.trendsecu...vex/TmHcmsX.CAB (TmHcmsX Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/31 00:02:02 | 00,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/11 23:08:42 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/06/11 23:08:41 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2009/06/11 21:25:00 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/11 21:24:57 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/11 21:24:56 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/11 21:24:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/11 21:20:33 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\My Documents\mbam-setup.exe
[2009/06/11 21:18:41 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Thawbrkr.dll
[2009/06/11 21:18:41 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/06/11 21:18:40 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/06/11 21:18:40 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2009/06/11 21:18:37 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/06/11 21:18:37 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2009/06/11 21:18:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/06/11 21:18:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/06/11 21:18:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/06/11 21:18:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2009/06/11 21:18:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2009/06/11 21:18:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2009/06/11 21:18:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2009/06/11 21:18:37 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/06/11 21:18:36 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/06/11 21:18:36 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2009/06/11 21:18:35 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/06/11 21:18:35 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2009/06/11 21:18:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/06/11 21:18:35 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2009/06/11 21:18:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/06/11 21:18:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2009/06/11 21:18:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2009/06/11 21:18:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/06/11 14:38:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\temp
[2009/06/11 14:35:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/06/11 14:17:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/06/11 14:17:53 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/06/11 14:17:53 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/11 14:17:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/06/11 14:17:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/11 14:17:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/11 14:17:53 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/11 14:17:53 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/06/11 14:17:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/11 14:17:42 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/06/11 14:17:03 | 03,021,344 | R--- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Combo-Fix.exe
[2009/06/11 12:31:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/10 22:24:36 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\vhukjmfj.exe
[2009/06/09 03:24:48 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/06/09 03:22:47 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/09 03:22:47 | 00,001,515 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/09 03:22:44 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/09 03:22:36 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/09 03:22:34 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/09 03:22:29 | 37,035,801 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/09 03:22:29 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/09 03:22:29 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/09 03:22:29 | 00,074,578 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/09 03:22:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/06/09 03:22:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVGTOOLBAR
[2009/06/09 03:22:19 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/06/09 03:22:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/06/08 23:32:37 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/08 23:21:35 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/08 23:21:26 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/06/08 23:18:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/08 23:18:32 | 00,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/06/08 23:18:28 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/06/08 23:18:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/06/08 22:53:50 | 03,976,714 | ---- | C] () -- C:\WINDOWS\System32\uactmp.db
[2009/05/31 23:23:33 | 00,751,850 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/05/31 23:11:03 | 00,001,742 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.lnk
[2009/05/31 23:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/31 21:33:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\My Documents\Ringtones
[2009/05/31 20:31:55 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\mp3DirectCut.lnk
[2009/05/31 20:31:54 | 00,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2009/05/31 20:05:45 | 00,004,941 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Phone Contacts list.rtf
[2008/01/22 00:47:53 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/02/01 00:05:51 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/22 21:17:37 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/21 21:37:34 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2006/09/25 23:02:14 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/25 22:35:55 | 00,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/09/25 22:28:44 | 00,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/09/25 22:28:36 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/09/25 22:25:34 | 00,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/25 22:16:34 | 00,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/09/25 22:15:20 | 00,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/09/25 22:10:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/09/25 22:06:43 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/09/25 22:06:43 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/09/25 22:06:43 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/09/25 22:06:42 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/09/25 22:06:42 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/09/25 22:06:42 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/09/25 22:06:42 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/25 22:05:29 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/09/25 21:44:30 | 00,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/09/25 21:44:30 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/09/25 21:44:14 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 14:58:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:02:00 | 00,000,562 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/30 16:52:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 00,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 10:51:38 | 00,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Files - Modified Within 30 Days ==========

[164 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/06/11 23:08:45 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2009/06/11 23:05:58 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/06/11 23:04:52 | 00,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/06/11 23:03:20 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/11 23:03:05 | 00,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/11 23:03:01 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\desktop.ini
[2009/06/11 23:02:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/11 23:02:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/11 23:02:52 | 20,788,55168 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/11 21:32:51 | 00,298,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/11 21:29:01 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/11 21:28:44 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\My Documents\mbam-setup.exe
[2009/06/11 14:36:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/11 14:17:22 | 03,021,344 | R--- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Combo-Fix.exe
[2009/06/11 13:02:30 | 03,976,714 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db
[2009/06/11 09:39:42 | 37,035,801 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/11 09:39:27 | 00,074,578 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/10 22:24:42 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\vhukjmfj.exe
[2009/06/10 14:47:16 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\iTunes.lnk
[2009/06/09 23:56:55 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/09 03:22:47 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/09 03:22:47 | 00,001,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/06/09 03:22:44 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/06/09 03:22:36 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/09 03:22:34 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/09 03:22:29 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/06/09 03:22:29 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/09 01:26:07 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/06/08 23:21:35 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/08 23:21:20 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/06/08 23:21:09 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/06/08 23:18:32 | 00,000,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/06/08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/06/06 07:23:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/31 23:24:20 | 00,751,850 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2009/05/31 23:11:03 | 00,001,742 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.lnk
[2009/05/31 20:31:55 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\mp3DirectCut.lnk
[2009/05/31 20:05:45 | 00,004,941 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\My Documents\Phone Contacts list.rtf
[2009/05/30 09:25:15 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >
  • 0

#10
kahdah
Posted 12 June 2009 - 06:07 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Your logs are clean how are things running?
  • 0

#11
tommusto
Posted 12 June 2009 - 11:05 AM

tommusto

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
a little better
  • 0

#12
kahdah
Posted 12 June 2009 - 12:08 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok well what else seems to be happening?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP