2 trojans found and Unload pop up


#1
EricaL
My AVG found 2 trojans this morning; both were moved to the virus vault. I am having a constant pop-up where Windows Installer is trying to install Unload.msi.
I've run TFC, ERUNT, and MBAM, and tried to run GMER. After 2 hours it started not responding and would not let me copy or save what it had up to that point.
My MBAM and OTL logs are below. Please help me get rid of this pop-up.


Malwarebytes' Anti-Malware 1.38
Database version: 2327
Windows 5.1.2600 Service Pack 3

5/25/2010 7:52:14 AM
mbam-log-2010-05-25 (07-52-14).txt

Scan type: Quick Scan
Objects scanned: 104533
Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.


OTL logfile created on: 5/25/2010 11:03:05 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.37 Gb Total Space | 151.58 Gb Free Space | 67.56% Space Free | Partition Type: NTFS
Drive D: | 8.50 Gb Total Space | 1.13 Gb Free Space | 13.30% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERICA
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/25 11:01:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
PRC - [2010/04/21 08:18:22 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 08:18:21 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/10 08:41:29 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/07 11:12:07 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/07 11:12:04 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/07 11:12:01 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/03 16:24:23 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/23 03:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/04 13:12:15 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2005/08/03 03:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/05/25 11:01:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/07 11:12:01 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/23 14:04:14 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 08:18:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/07 11:13:34 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/07 11:13:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/02 13:49:32 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/25 17:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2008/07/29 22:30:37 | 000,093,696 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/18 17:34:11 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/09 05:53:00 | 007,434,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/08/29 18:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/07/04 03:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/06/17 17:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 14:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/15 18:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 18:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 18:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 14:05:44 | 000,141,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Icam3.sys -- (ICAM3NT5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..extensions.enabledItems: [email protected]:4.504.019.002
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/21 09:52:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/21 13:43:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2010/05/21 17:43:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 11:08:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 16:24:29 | 000,000,000 | ---D | M]

[2009/02/15 13:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/05/24 15:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eetkmeqt.default\extensions
[2009/09/02 09:12:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eetkmeqt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/12 13:59:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eetkmeqt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/08 23:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eetkmeqt.default\extensions\[email protected]
[2010/05/24 15:51:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 14:19:15 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2009/06/24 09:45:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers...eminfo/MSC3.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.163.32.51 216.163.32.52
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/12 12:27:37 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/09/01 15:12:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JDCT - C:\WINDOWS\System32\jl_jdct.drv (JEILIN Tech.)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/25 11:01:28 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2010/05/25 08:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\gmer
[2010/05/24 14:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\ms3
[2010/05/06 14:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/06 14:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\skypePM
[2010/05/06 14:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/06 14:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Skype
[2010/05/06 14:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/06 14:18:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/05/06 14:18:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/05/06 14:12:43 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\Documents and Settings\HP_Administrator\My Documents\SkypeSetup.exe
[2010/04/24 08:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\Unused Desktop Shortcuts
[2010/04/07 11:13:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/04/07 11:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/04/07 10:08:37 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\HP_Administrator\My Documents\avg_free_stb_all_9_114_cnet.exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/25 11:01:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\My Documents\OTL.exe
[2010/05/25 11:01:02 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/05/25 10:59:15 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/25 10:57:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/25 10:57:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/25 10:57:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/25 10:57:00 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/25 08:22:39 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/05/25 08:15:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\prvlcl.dat
[2010/05/25 08:14:41 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/05/25 07:55:41 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/25 07:54:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/05/25 00:31:04 | 060,343,739 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/24 20:57:34 | 000,003,368 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2010/05/21 21:23:45 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeSchedule.job
[2010/05/19 11:38:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/18 18:26:13 | 000,080,523 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\The_Boondock_Saints_Wallpaper_2.jpg
[2010/05/18 18:25:25 | 000,038,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\boondocksaints1.jpg
[2010/05/18 18:24:50 | 000,642,794 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Teamwork-the-boondock-saints-6748562-1400-933.jpg
[2010/05/18 18:24:04 | 000,018,217 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\The-Boondock-Saints.jpg
[2010/05/18 18:20:33 | 000,066,843 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\sean_wp001_1024.jpg
[2010/05/18 18:19:23 | 000,027,261 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\seanpatrickflanery.jpg
[2010/05/18 18:19:03 | 000,019,647 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\11910288_gal.jpg
[2010/05/18 18:16:52 | 000,014,045 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\spflanery1am.jpg
[2010/05/17 20:18:37 | 000,045,794 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\51EBPsrKeDL._SS500_.jpg
[2010/05/17 20:15:12 | 000,028,265 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\BoondockSaintsPrayer2.jpg
[2010/05/17 12:17:42 | 000,045,463 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\SPF232.jpg
[2010/05/17 12:13:15 | 000,083,465 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\SPF5a1da69579a2.jpg
[2010/05/12 15:40:27 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/06 14:24:50 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/05/06 14:20:49 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/06 14:13:05 | 001,704,744 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\HP_Administrator\My Documents\SkypeSetup.exe
[2010/04/21 08:18:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/04/15 05:05:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/07 11:13:34 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/04/07 11:13:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/04/07 11:13:17 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/04/07 11:13:16 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/04/07 11:13:15 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/04/07 10:08:56 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\HP_Administrator\My Documents\avg_free_stb_all_9_114_cnet.exe
[2010/03/16 15:43:57 | 000,528,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/16 15:43:57 | 000,445,348 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/16 15:43:57 | 000,074,000 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/11 08:14:09 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/25 08:22:38 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\gmer.zip
[2010/05/18 18:26:12 | 000,080,523 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\The_Boondock_Saints_Wallpaper_2.jpg
[2010/05/18 18:25:25 | 000,038,264 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\boondocksaints1.jpg
[2010/05/18 18:24:49 | 000,642,794 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Teamwork-the-boondock-saints-6748562-1400-933.jpg
[2010/05/18 18:24:04 | 000,018,217 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\The-Boondock-Saints.jpg
[2010/05/18 18:20:32 | 000,066,843 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\sean_wp001_1024.jpg
[2010/05/18 18:19:23 | 000,027,261 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\seanpatrickflanery.jpg
[2010/05/18 18:19:03 | 000,019,647 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\11910288_gal.jpg
[2010/05/18 18:16:52 | 000,014,045 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\spflanery1am.jpg
[2010/05/17 20:18:37 | 000,045,794 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\51EBPsrKeDL._SS500_.jpg
[2010/05/17 20:15:12 | 000,028,265 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\BoondockSaintsPrayer2.jpg
[2010/05/17 12:17:41 | 000,045,463 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\SPF232.jpg
[2010/05/17 12:13:14 | 000,083,465 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\SPF5a1da69579a2.jpg
[2010/05/06 14:44:33 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/06 14:44:33 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 14:24:50 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/05/06 14:20:49 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/06 14:18:37 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/19 14:09:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\prvlcl.dat
[2010/04/07 11:13:17 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/07 11:23:09 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/07 11:23:09 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/01/08 20:24:06 | 000,000,210 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/05/20 16:34:14 | 000,000,585 | ---- | C] () -- C:\WINDOWS\Vampire.INI
[2009/02/10 20:14:12 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008/04/08 17:58:07 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2008/03/18 17:34:11 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/01/09 05:53:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/09 05:53:00 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/09 05:53:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/09 05:53:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/09 05:53:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/05 14:41:11 | 000,000,290 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/03 20:29:51 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/06/03 20:28:58 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/06/03 20:27:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/06/03 20:26:00 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/06/03 20:24:05 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2005/11/12 12:56:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/12 12:35:51 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/12 12:30:47 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/12 12:30:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/12 12:28:15 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/12 12:24:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/12 12:20:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/12 12:20:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/12 12:20:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/12 12:20:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/12 12:20:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/12 12:20:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/12 12:14:27 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/12 12:13:30 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/12 12:01:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/12 11:45:27 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/12 11:38:59 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/12 11:38:59 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/12 11:38:40 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 16:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/07/26 18:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/19 20:05:18 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2001/07/07 02:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/05/05 08:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/07 11:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/12/26 17:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2006/04/11 20:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2008/04/20 08:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Funcom
[2010/02/07 11:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/02/07 11:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager
[2009/12/26 16:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/11/12 12:27:37 | 000,000,100 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/06/03 22:26:56 | 000,000,211 | RHS- | M] () -- C:\BOOT.BAK
[2009/02/12 16:12:14 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2004/08/10 08:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2005/08/31 08:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2005/11/12 12:30:08 | 000,000,000 | ---- | M] () -- C:\FailKeys.log
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/05/25 10:57:00 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2005/08/31 08:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/08/31 08:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/13 12:23:47 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/15 18:48:59 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2008/10/15 18:48:59 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/05/25 10:56:58 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2005/11/12 12:30:08 | 000,000,121 | ---- | M] () -- C:\PassKeys.log
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/02 13:25:48 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/31 00:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/31 00:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/31 00:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/07 11:13:34 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010/04/07 11:13:34 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/04/21 08:18:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >


Again, I could not get GMER to run properly, and I have no reports to share with you at this time.
Any help is greatly appreciated.
  • 0

#2
RKinner
    Malware Expert

  • Expert
  • 23,149 posts
  • MVP
Try the Windows Installer cleanup utility for your unload.msi problem.

http://support.micro...kb;en-us;290301

Then let's run ComboFix as follows:

Download but do not yet run ComboFix
:!: If you have a previous version of ComboFix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop; do not run it :!:

:!: Disable your antivirus software when downloading or running ComboFix. If it has script-blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution: Do not run ComboFix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, ComboFix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus program at this time :!:

Ron
  • 0

#3
EricaL

    Member

  • Topic Starter
  • Member
  • 13 posts
Hi, I'm sorry I wasn't able to reply sooner. I've been sick and haven't been able to get back here. Here's what's happening now. The Unload pop-up is gone; however, this morning AVG picked up 8 trojans! All were successfully moved to the virus vault. They are in my HP Digital Imaging and system volume control.
I am having my volume bar pop up about every minute; it stays there for about 30 seconds, goes away and pops back up. How do I get rid of that? I'm going to DL the ComboFix as suggested in your reply. I'll post when I have the reports for you. Thanks for taking the time to answer me, and sorry again for not getting back to you sooner.

Edited to add the ComboFix log.

ComboFix 10-06-03.01 - HP_Administrator 06/04/2010 10:20:28.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1531 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\george.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Temp
c:\windows\system32\VB40032.DLL

.
((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-06-02 13:21 . 2010-06-02 13:21 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cfcb5a8-n\msvcp71.dll
2010-06-02 13:21 . 2010-06-02 13:21 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cfcb5a8-n\jmc.dll
2010-06-02 13:21 . 2010-06-02 13:21 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1cfcb5a8-n\msvcr71.dll
2010-06-02 13:20 . 2010-06-02 13:20 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5e0c5aac-n\decora-sse.dll
2010-06-02 13:20 . 2010-06-02 13:20 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5e0c5aac-n\decora-d3d.dll
2010-06-02 13:20 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-02 13:00 . 2010-06-02 13:00 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 13:00 . 2010-06-02 13:00 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-05-31 00:49 . 2010-05-31 00:52 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Temp
2010-05-25 05:43 . 2010-05-25 05:43 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b6c1330-n\msvcp71.dll
2010-05-25 05:43 . 2010-05-25 05:43 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b6c1330-n\jmc.dll
2010-05-25 05:43 . 2010-05-25 05:43 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3b6c1330-n\msvcr71.dll
2010-05-06 21:04 . 2001-08-18 02:36 26624 ----a-w- c:\windows\system32\Icam3EXT.dll
2010-05-06 21:04 . 2001-08-18 02:36 26624 ----a-w- c:\windows\system32\dllcache\icam3ext.dll
2010-05-06 21:04 . 2001-08-17 18:05 141056 ----a-w- c:\windows\system32\drivers\Icam3.sys
2010-05-06 21:04 . 2001-08-17 18:05 141056 ----a-w- c:\windows\system32\dllcache\icam3.sys
2010-05-06 18:49 . 2010-05-06 18:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-06 18:20 . 2010-06-03 12:05 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
2010-05-06 18:20 . 2010-05-06 18:20 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-06 18:19 . 2010-05-06 18:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-06 18:19 . 2010-06-03 23:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
2010-05-06 18:18 . 2010-05-06 18:18 -------- d-----w- c:\program files\Common Files\Skype
2010-05-06 18:18 . 2010-05-06 18:19 -------- d-----r- c:\program files\Skype
2010-05-06 18:18 . 2010-05-06 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 14:16 . 2009-06-25 13:51 -------- d-----w- c:\program files\McAfee
2010-06-04 14:16 . 2009-04-03 02:23 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 14:15 . 2010-04-19 18:09 0 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\prvlcl.dat
2010-06-04 14:01 . 2005-11-12 15:42 -------- d-----w- c:\program files\GemMaster
2010-06-02 13:21 . 2005-11-12 15:48 -------- d-----w- c:\program files\Common Files\Java
2010-06-02 13:20 . 2005-11-12 15:48 -------- d-----w- c:\program files\Java
2010-06-02 13:00 . 2009-01-18 22:43 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 13:00 . 2009-01-18 22:43 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-27 00:18 . 2009-12-22 01:10 3810 ----a-w- c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2010-05-25 12:25 . 2005-11-12 16:26 -------- d-----w- c:\program files\muvee Technologies
2010-05-25 12:23 . 2009-08-10 15:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IGN_DLM
2010-05-21 22:59 . 2006-02-03 03:05 -------- d-----w- c:\program files\World of Warcraft
2010-05-14 17:50 . 2009-12-23 18:53 -------- d-----w- c:\program files\RoughDraft
2010-05-06 18:24 . 2005-11-12 16:40 -------- d-----w- c:\program files\Google
2010-05-05 12:12 . 2009-07-01 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-27 20:22 . 2007-12-11 00:57 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2010-04-27 20:22 . 2007-12-11 00:57 -------- d-----w- c:\program files\Yahoo!
2010-04-27 20:22 . 2010-04-27 20:22 862872 ------w- c:\documents and settings\HP_Administrator\Application Data\Yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe
2010-04-08 13:57 . 2010-04-08 13:56 19900192 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
2010-04-07 15:13 . 2009-01-18 22:43 -------- d-----w- c:\program files\AVG
2010-04-07 15:13 . 2009-01-18 22:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-07 15:13 . 2009-01-18 22:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-07 15:10 . 2010-04-07 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-16 16:46 . 2010-03-16 16:46 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-16 14:42 . 2010-03-16 14:42 79488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-11 12:38 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-10 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2006-02-07 01:45 . 2006-02-07 01:45 373760 ----a-w- c:\program files\WinRAR.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-04 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-09 8523776]
"nwiz"="nwiz.exe" [2008-01-09 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-09 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-12 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-07 15:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EverQuest2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.3.0.11159-to-3.3.2.11403-enUS-downloader.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/18/2009 6:43 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/18/2009 6:43 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/7/2010 11:12 AM 308064]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/25/2009 9:52 AM 93320]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/18/2008 5:34 PM 717296]
S2 gupdate1caed48b02abea0;Google Update Service (gupdate1caed48b02abea0);c:\program files\Google\Update\GoogleUpdate.exe [5/6/2010 2:19 PM 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/7/2010 11:13 AM 369920]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys --> c:\windows\system32\drivers\bcgame.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 18:19]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 18:19]

2010-05-22 c:\windows\Tasks\HPCeeSchedule.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2005-09-09 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eetkmeqt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eetkmeqt.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
AddRemove-Birth of the Federation version 1.0.2 - c:\botf\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 10:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-06-04 10:27:20
ComboFix-quarantined-files.txt 2010-06-04 14:27

Pre-Run: 162,190,356,480 bytes free
Post-Run: 162,192,044,032 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - 91D3D732877ADF235F8D3D10C5B2814C

Edited by EricaL, 04 June 2010 - 08:31 AM.


#4 RKinner (Malware Expert, 23,149 posts, MVP)
I don't see anything obvious. The stuff MBAM and ComboFix found is harmless, though it's not clear why GMER didn't run. Sounds to me like AVG has had some false positives on some HP drivers. What model number PC do you have?

1. Double-click My Computer, and then right-click the hard disk that you want to check.
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, and then restart your computer to start the disk check.

Download mbr.exe from

http://www2.gmer.net/mbr/mbr.exe

and save it to your desktop.


Then run it. It should create a log file on your desktop. Open it and copy the text and paste it into a reply.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

We can try a couple of online scans that are both very good and see if they find anything. Be warned: the first one takes several hours to complete.

Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Also do the much faster BitDefender scan

http://www.bitdefend...nline/free.html

Ron
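The VEW report requested above is plain text with a fixed record layout, so it can be parsed rather than read by eye. The following is an added example for this thread, not VEW's code and not anything a thread member posted: it parses a VEW-style report, keeps only MsiInstaller events, and groups them by Windows Installer product code. The 1001/1004 pair is Windows Installer's resiliency check (a feature was requested, the component's key file is missing, so a repair is launched); 11706 is that repair failing for lack of an install source. A product that shows the pair together with a named missing file is the one behind a recurring "Windows Installer" pop-up. SAMPLE_REPORT is constructed in VEW's format with illustrative GUIDs and paths; Python 3 is assumed.

```python
"""Summarise MsiInstaller events in a Vino's Event Viewer (VEW) report.

Added example for this thread, not VEW's code. SAMPLE_REPORT is constructed
in VEW's text format: a "Log:" line, then "Type:", "Event:" and the message,
with one blank line between records.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
# Fragments of Windows Installer messages: product code, feature, key file, error.
PRODUCT_CODE_RE = re.compile(r"product '(\{[0-9A-Fa-f-]{36}\})'")
FEATURE_RE = re.compile(r"feature '([^']+)'")
RESOURCE_RE = re.compile(r"The resource '([^']+)' does not exist")
PRODUCT_ERROR_RE = re.compile(r"^Product: (?P<name>.+?) -- Error (?P<err>\d+)")

SAMPLE_REPORT = r"""
Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/06/2010 1:52:50 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/05/2010 11:41:53 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 8:15:42 AM
Type: error Category: 0
Event: 11500 Source: MsiInstaller
Product: Java(TM) 6 Update 20 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Log: 'Application' Date/Time: 09/05/2010 1:37:18 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application yahoomessenger.exe, version 9.0.0.2152, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0001aa21.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/05/2010 10:59:46 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 10:59:46 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.
"""


def parse_vew(text):
    """Return one dict per event record, in report order."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                       # a blank line closes the record
            current = None
            continue
        m = LOG_RE.match(line)
        if m:
            current = {"log": m.group("log"), "when": m.group("when"),
                       "type": None, "id": None, "source": None, "message": ""}
            events.append(current)
            continue
        if current is None:                # banner and separator lines
            continue
        m = TYPE_RE.match(line)
        if m:
            current["type"] = m.group("type")
            continue
        m = EVENT_RE.match(line)
        if m:
            current["id"] = int(m.group("id"))
            current["source"] = m.group("source")
            continue
        current["message"] = (current["message"] + " " + line).strip()
    return events


def msi_summary(events):
    """Group MsiInstaller events by product code, or by product name when the
    message carries no code (the 1706/1500 error events do not)."""
    summary = defaultdict(lambda: {"events": 0, "ids": set(), "features": set(),
                                   "missing": set(), "errors": set()})
    for ev in events:
        if ev["source"] != "MsiInstaller":
            continue
        msg = ev["message"]
        code = PRODUCT_CODE_RE.search(msg)
        err = PRODUCT_ERROR_RE.match(msg)
        key = code.group(1) if code else (err.group("name") if err else "<unknown>")
        entry = summary[key]
        entry["events"] += 1
        entry["ids"].add(ev["id"])
        entry["features"].update(FEATURE_RE.findall(msg))
        entry["missing"].update(RESOURCE_RE.findall(msg))
        if err:
            entry["errors"].add(int(err.group("err")))
    return dict(summary)


def repair_loops(summary):
    """Product codes with the 1001/1004 resiliency pair and a named missing key
    file: Windows Installer re-runs the repair on every trigger (advertised
    shortcut, COM activation) until the file is restored or the product is removed."""
    return sorted(code for code, v in summary.items()
                  if code.startswith("{") and {1001, 1004} <= v["ids"] and v["missing"])


if __name__ == "__main__":
    s = msi_summary(parse_vew(SAMPLE_REPORT))
    for code in repair_loops(s):
        print(code, sorted(s[code]["features"]), sorted(s[code]["missing"]))
```

Save a VEW report to a file and feed its contents to parse_vew; repair_loops then names the product code that Windows Installer keeps trying to repair, which is the GUID to look up under Add or Remove Programs (or to pass to msiexec /x) rather than something a malware scanner would report. The grouping by product name for 1706/1500 events is deliberately kept separate from the GUID grouping: the feature name and product name happen to match in the sample, but only the product code is a reliable identifier.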

#5 EricaL (Topic Starter, Member, 13 posts)
Hi Ron. Thanks for your quick reply. The model number of my computer is a1330n.
I ran the Check Disk; it said the volume is clean.
I'm going to post the logs in the order you gave them to me. Before I do, ESET would not run! I tried repeatedly in both Firefox and IE and it would not go beyond 6% downloading the virus signature database. It would pause at 6%, then quickly go to 100% with Unexpected error 2002 and would go no further. Even restarting did not help. I was able to completely run the others though.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/06/2010 1:51:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/06/2010 10:50:18 AM
Type: error Category: 0
Event: 7011 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for a transaction response from the ARSVC service.

Log: 'System' Date/Time: 02/06/2010 9:14:22 AM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: ftsata2

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/06/2010 10:53:15 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 31/05/2010 5:51:45 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 31/05/2010 8:37:14 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/06/2010 1:52:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/05/2010 12:20:31 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application YahooMessenger.exe, version 9.0.0.2152, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 25/05/2010 11:41:53 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 10:59:46 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 10:59:36 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 9:09:03 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 8:53:21 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 8:15:42 AM
Type: error Category: 0
Event: 11500 Source: MsiInstaller
Product: Java™ 6 Update 20 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Log: 'Application' Date/Time: 25/05/2010 7:58:52 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 7:58:47 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 7:58:15 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 7:57:35 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 7:42:27 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 7:25:19 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 25/05/2010 7:21:22 AM
Type: error Category: 0
Event: 11706 Source: MsiInstaller
Product: Unload -- Error 1706.No valid source could be found for product Unload. The Windows Installer cannot continue.

Log: 'Application' Date/Time: 09/05/2010 1:37:18 PM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application yahoomessenger.exe, version 9.0.0.2152, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0001aa21.

Log: 'Application' Date/Time: 05/05/2010 8:12:54 AM
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application firefox.exe, version 1.9.2.3743, faulting module mcbrwctl.dll, version 3.0.1.163, fault address 0x0001e17d.

Log: 'Application' Date/Time: 05/05/2010 7:30:25 AM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1198083615.

Log: 'Application' Date/Time: 04/05/2010 11:40:00 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application YahooMessenger.exe, version 9.0.0.2152, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 01/04/2010 10:47:09 AM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 229465369.

Log: 'Application' Date/Time: 01/04/2010 10:46:31 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application Updates from HP.exe, version 6.3.2.116, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/05/2010 10:59:46 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 10:59:46 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.

Log: 'Application' Date/Time: 25/05/2010 10:59:37 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 10:59:37 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.

Log: 'Application' Date/Time: 25/05/2010 10:58:30 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 10:58:30 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.

Log: 'Application' Date/Time: 25/05/2010 10:58:17 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 10:58:17 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.

Log: 'Application' Date/Time: 25/05/2010 9:09:05 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 9:09:05 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.

Log: 'Application' Date/Time: 25/05/2010 9:08:21 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 9:08:21 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.

Log: 'Application' Date/Time: 25/05/2010 9:08:16 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 9:08:16 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.

Log: 'Application' Date/Time: 25/05/2010 9:08:05 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 9:08:05 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.

Log: 'Application' Date/Time: 25/05/2010 8:53:24 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 8:53:24 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.

Log: 'Application' Date/Time: 25/05/2010 8:52:52 AM
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload' failed during request for component '{2E1790B1-CEF3-11D5-AF55-00C04F6BF3E7}'

Log: 'Application' Date/Time: 25/05/2010 8:52:52 AM
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}', feature 'Unload', component '{AF4FF973-B20A-11D5-AF52-00C04F6BF3E7}' failed. The resource 'c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe' does not exist.

QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Fri Jun 04 14:51:52 2010
Machine ID: 7425B19B



No infection found.
-------------------



Processes
---------
<unsigned> Catalyst Control Centre 3020 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
<unsigned> Catalyst Control Centre 2924 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
<unsigned> Hewlett-Packard Company KBD EXE 2528 C:\HP\KBD\KBD.EXE
<unsigned> hp digital imaging - hp all-in-one seri 2332 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
<unsigned> hp digital imaging - hp all-in-one seri 3056 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
<unsigned> hpsysdrv 3192 C:\windows\system\hpsysdrv.exe
<unsigned> LightScribe 220 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<unsigned> RunnerEXE Application 3088 C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
<unsigned> SG Browser Hijacking Protection 3776 C:\Program Files\SpywareGuard\sgbhp.exe
<unsigned> SpywareGuard 3136 C:\Program Files\SpywareGuard\sgmain.exe

<verified> ARPowerMsg Application 2148 C:\WINDOWS\ARPWRMSG.EXE
<verified> hpwuSchd Application 2436 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<verified> Apple Mobile Device Service 1004 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> ARSVC Application 1200 C:\WINDOWS\arservice.exe
<verified> ATI External Event Utility for Windows 824 C:\WINDOWS\system32\Ati2evxx.exe
<verified> ATI External Event Utility for Windows 1100 C:\WINDOWS\system32\Ati2evxx.exe
<verified> AVG Internet Security 1112 C:\Program Files\AVG\AVG9\avgchsvx.exe
<verified> AVG Internet Security 1376 C:\Program Files\AVG\AVG9\avgcsrvx.exe
<verified> AVG Internet Security 540 C:\Program Files\AVG\AVG9\avgnsx.exe
<verified> AVG Internet Security 1124 C:\Program Files\AVG\AVG9\avgrsx.exe
<verified> AVG Internet Security 1276 C:\Program Files\AVG\AVG9\avgwdsvc.exe
<verified> Bonjour 1360 C:\Program Files\Bonjour\mDNSResponder.exe
<verified> Firefox 3016 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> GoogleToolbarNotifier 2916 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified> iTunes 3936 C:\Program Files\iPod\bin\iPodService.exe
<verified> iTunes 3920 C:\Program Files\iTunes\iTunesHelper.exe
<verified> Java™ Platform SE 6 U20 1952 C:\Program Files\Java\jre6\bin\jqs.exe
<verified> Java™ Platform SE Auto Updater 2 0 2856 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> McAfee SiteAdvisor 576 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
<verified> Microsoft® Visual Studio .NET 876 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
<verified> Microsoft® Windows® Operating System 4000 C:\WINDOWS\eHome\ehmsas.exe
<verified> Microsoft® Windows® Operating System 1688 C:\WINDOWS\eHome\ehRecvr.exe
<verified> Microsoft® Windows® Operating System 1816 C:\WINDOWS\eHome\ehSched.exe
<verified> Microsoft® Windows® Operating System 2112 C:\WINDOWS\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System 2588 C:\WINDOWS\ehome\mcrdsvc.exe
<verified> Microsoft® Windows® Operating System 556 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 3708 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 572 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 2968 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 3668 C:\WINDOWS\system32\dllhost.exe
<verified> Microsoft® Windows® Operating System 668 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 3252 C:\WINDOWS\system32\NOTEPAD.EXE
<verified> Microsoft® Windows® Operating System 656 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 504 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1488 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 432 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2184 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2256 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1304 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1060 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1024 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 924 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 848 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1208 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 552 C:\WINDOWS\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 608 C:\WINDOWS\system32\winlogon.exe
<verified> Realtek Audio - Event Monitor 2824 C:\WINDOWS\ALCXMNTR.EXE
<verified> Yahoo! AutoUpdater 2380 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


Network activity
----------------
Process firefox.exe (3016) connected on port 80 (HTTP) --> 207.179.86.184
Process firefox.exe (3016) connected on port 80 (HTTP) --> 96.6.165.115
Process firefox.exe (3016) connected on port 80 (HTTP) --> 199.7.51.190
Process firefox.exe (3016) connected on port 80 (HTTP) --> 209.85.225.138
Process firefox.exe (3016) connected on port 80 (HTTP) --> 96.6.172.20
Process firefox.exe (3016) connected on port 80 (HTTP) --> 207.179.86.183

Process svchost.exe (924) listens on ports: 135 (RPC)
Process svchost.exe (2184) listens on ports: 2869 (SSDP event notification, UPNP)


Autoruns and critical files
---------------------------
<unsigned> Adobe Acrobat C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
<unsigned> AUTOBACK.EXE C:\Program Files\ERUNT\AUTOBACK.EXE
<unsigned> Catalyst® Control Center C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
<unsigned> CEEment C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
<unsigned> Hewlett-Packard Company KBD EXE C:\HP\KBD\KBD.EXE
<unsigned> hp digital imaging - hp all-in-one seri C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
<unsigned> HP Photosmart c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
<unsigned> HPBootOp C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
<unsigned> NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
<unsigned> NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
<unsigned> nwiz.exe C:\WINDOWS\system32\nwiz.exe
<unsigned> QuickTime C:\Program Files\QuickTime\qttask.exe
<unsigned> RunnerEXE Application C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
<unsigned> SpywareGuard C:\Program Files\SpywareGuard\sgmain.exe
<unsigned> SpywareGuard Protection C:\Program Files\SpywareGuard\spywareguard.dll

<verified> ARPowerMsg Application C:\WINDOWS\ARPWRMSG.EXE
<verified> hpwuSchd Application C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
<verified> Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
<verified> ATI External Event Utility for Windows C:\WINDOWS\system32\ati2evxx.dll
<verified> AVG Internet Security C:\WINDOWS\system32\avgrsstx.dll
<verified> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verified> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified> Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> Skype C:\Program Files\Skype\Phone\Skype.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<unsigned> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<unsigned> Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
<unsigned> InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned> RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<unsigned> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<unsigned> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
<unsigned> SpywareGuard Download Protection c:\program files\spywareguard\dlprotect.dll

<verified> AcroIEHelper Library c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
<verified> AVG Internet Security c:\program files\avg\avg9\avgssie.dll
<verified> AVG Security Toolbar c:\program files\avg\avg9\toolbar\ietoolbar.dll
<verified> BitDefender QuickScan C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eetkmeqt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\eetkmeqt.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.ocx
<verified> Google Toolbar for IE c:\program files\google\googletoolbar2.dll
<verified> Google Update C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verified> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
<verified> Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verified> Java™ Platform SE 6 U20 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U20 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> McAfee SiteAdvisor c:\program files\mcafee\siteadvisor\mcieplg.dll
<verified> Messenger C:\Program Files\Messenger\msmsgs.exe
<verified> Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> Panda ActiveScan 2.0 C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
<verified> System Requirements Lab C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
<verified> Yahoo! Single Instance for Mail c:\program files\yahoo!\companion\installs\cpn0\ytsingleinstance.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn0\yt.dll


Missing files
-------------
File not found: C:\PROGRA~1\AVG\AVG8\avgemc.exe
referenced in: HKLM\System\ControlSet001\services\avg8emc\"ImagePath"

File not found: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
referenced in: HKLM\System\ControlSet001\services\avg8wd\"ImagePath"


Scan
----
<unsigned> MD5: 909efa2d854af25d1164bd5b02065fce C:\DOCUME~1\HP_ADM~1\LOCALS~1\temp\IadHide5.dll
<unsigned> MD5: 308c9ddbd043903534514b097396e017 C:\hp\KBD\aol.dll
<unsigned> MD5: 261e5e3602941656a1442b255c936b9e C:\hp\KBD\cfg.dll
<unsigned> MD5: c81be1b951c36e97d3da90da745da5f7 C:\HP\KBD\KBD.EXE
<unsigned> MD5: f68a3f0d63be926ed65ed1c8c5b03a3d C:\hp\KBD\led.dll
<unsigned> MD5: 205db5a0dd15df2657efd4b64d0cc4a3 C:\hp\KBD\msg.dll
<unsigned> MD5: 60db5561f7b646fa217e9ea6561e6705 C:\hp\KBD\msikbdif.dll
<unsigned> MD5: fb8bfcdf02173e59f8336c3eaece76e5 C:\hp\KBD\Onl.dll
<unsigned> MD5: 5f1ec8079dcc3acb3315966a9a7e2391 C:\hp\KBD\OSD.DLL
<unsigned> MD5: 2ae54f20144b2af570587a8478d02885 C:\hp\KBD\PS2.dll
<unsigned> MD5: 2f420c4dcffacf50f73cab6c27dda901 C:\hp\KBD\sct.dll
<unsigned> MD5: 996fc333026a68a66078a4ab6c9ea54c C:\hp\KBD\url.dll
<unsigned> MD5: f8c008da6f620e822394781c894a06db C:\hp\KBD\usb.dll
<unsigned> MD5: 4b0991cd076b617a2231b19a6663c1c9 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll
<unsigned> MD5: dfcb9ade94a4f8a7c42eef41101a30ad C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
<unsigned> MD5: 0a7977ff7535f237c8c745ae09887c35 C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
<unsigned> MD5: d68018aebb6226bca5103da8b66a57d6 C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll
<unsigned> MD5: 2a9fd56bb0df43c719ba7e706d3bd340 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
<unsigned> MD5: 74ef310fac89341ce2897b7f2c4a7b0f C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
<unsigned> MD5: cabf1df6108bde0ea1fdfaa67fa02760 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
<unsigned> MD5: a28de8e4eb7641639f68c62a32264578 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
<unsigned> MD5: dab3b370e0c2815fdf5b29204b8fb984 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
<unsigned> MD5: 7f9a009e33940087fde0fa25d8aa5706 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
<unsigned> MD5: 0386fad4fee556be7c263dd397d30e75 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
<unsigned> MD5: acfd0d2cd67c478673f2eab1cb4d9d79 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
<unsigned> MD5: e7704cbf568815c1caa6e513387bd3f2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
<unsigned> MD5: 292f92469efb2fd402e00742c06d539d C:\Program Files\Bonjour\mdnsNSP.dll
<unsigned> MD5: 6f95324909b502e2651442c1548ab12f C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
<unsigned> MD5: 6e68e520e6f2f5dce97a9ff947038769 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<unsigned> MD5: a7e8525fa8788ca52f728414a65ba349 C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
<unsigned> MD5: e00de20f0f6bed5cd2160247ddc9443b C:\Program Files\ERUNT\AUTOBACK.EXE
<unsigned> MD5: 4a93524b0dfeea362de46b441c7667dc C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll
<unsigned> MD5: 9bf1a8af22aadc7727f4e395c5c09b1b C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
<unsigned> MD5: 6ecf7df7d31ce2509feb0411a3ace8d8 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
<unsigned> MD5: 8ad3535b3d4958b93ebbf0a71b604957 C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
<unsigned> MD5: 8de9ac714b5f6aac451e1a0f71bddaac C:\Program Files\HP\Digital Imaging\bin\hpftra01.dll
<unsigned> MD5: 633a529ebaeb78ff0f50a5a658600eb4 C:\Program Files\HP\Digital Imaging\bin\hphtra08.dll
<unsigned> MD5: 891736c55cef9d265f915bcc0737d8a8 C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll
<unsigned> MD5: 6bda568a2aed0f84c717b5649f70c91c C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll
<unsigned> MD5: fc99dc360cfa2e32276151eb7b1d899d C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll
<unsigned> MD5: a490ede46a746e14ae6876021b6d4269 C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll
<unsigned> MD5: 748cad1a5b3db2daeba8744a97d0b14b C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll
<unsigned> MD5: cae751453b5af47e7c98e21e3d2b27db C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc
<unsigned> MD5: aea0b0aa26e4ea377d6a12b3b5d6f90f C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll
<unsigned> MD5: b245e6716cf85bdc55d17030ca609a73 C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll
<unsigned> MD5: ea99b12613e5909526123eec64d6abdc C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll
<unsigned> MD5: 7bc9bbc3c0c756b69e3f152abad0b44f C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll
<unsigned> MD5: da74f6cb9b6badc53e72f49bda478ddf C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll
<unsigned> MD5: bc54b152ba902a90d47c4d951ed5a2c4 C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc
<unsigned> MD5: 2db4d4386ac0f8cc367e1aa8ab1004ef C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
<unsigned> MD5: c29027a7d34814a633f1893eee00a8fc C:\Program Files\HP\Digital Imaging\bin\hpqste08.rsc
<unsigned> MD5: bcbec1b5fde429b2839410d22b5a0d15 C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll
<unsigned> MD5: adb83edd735eb87f4030e5a9e9ba3d5c C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll
<unsigned> MD5: 621d873625b55315d248204e6588ba2d C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll
<unsigned> MD5: 1bf96f094044e1a6debefc6fc7e1025f C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll
<unsigned> MD5: 5597d0075861cb0a6e6087752d205c0d C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
<unsigned> MD5: 972297bae5220eb376e52839bae013b0 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc
<unsigned> MD5: 82e047ac9dcfa908f169ebb20c157198 C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll
<unsigned> MD5: 9ee09fd74d7d844f10a8450f0849b455 C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll
<unsigned> MD5: a4aa09635d43634acf690826382cc28c C:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll
<unsigned> MD5: 151ef98e3178fb87d343f796537787b4 C:\Program Files\HP\Digital Imaging\Unload\hpiCamTA.dll
<unsigned> MD5: e49d13c53d51f6e8e1ffef175a320ad7 C:\Program Files\HP\Digital Imaging\Unload\hpqunres.dll
<unsigned> MD5: 4f113169a2de985d043a5530987ad6d0 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
<unsigned> MD5: 8ef356da145f60c3f11df7ef03b97449 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> MD5: 2cb7c019a1ab8ea3d281c9606d097331 c:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll
<unsigned> MD5: 26b018758226a5dc06de45496c394d40 C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: 9dfb30f203999a3ae0f258a33fa598f9 C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: 8ef356da145f60c3f11df7ef03b97449 C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> MD5: 1fd6c03c0001a5e1eaf61596c2502f0c C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: 84f6b3ae2bbbfc146a27ede853eccb6b C:\Program Files\QuickTime\QTSystem\QTCF.dll
<unsigned> MD5: 86d32bb043c88fd79194ff7ab2ab3434 C:\Program Files\QuickTime\QTSystem\QuickTime.qts
<unsigned> MD5: eadfcaf6888b10183a0ef881453fa0ba C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll
<unsigned> MD5: 239eadd6b5ab68051c3dad1e9403b33d C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
<unsigned> MD5: 55d7a219ad8d0db8980528944152a6fd C:\Program Files\QuickTime\qttask.exe
<unsigned> MD5: 87cf6a8a88b66721d611d5899b761ef7 C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<unsigned> MD5: 9bab019249cf2d8f6df3ce9962d04576 C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<unsigned> MD5: 209b093e958cae87c3c2ad9dca554b3c C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<unsigned> MD5: 964621e8b2415feaa99026ed4f29d198 c:\program files\spywareguard\dlprotect.dll
<unsigned> MD5: a80d0704537c0ef97db2bef24b99af1a C:\Program Files\SpywareGuard\sgbhp.exe
<unsigned> MD5: 61c028aba5e49573a6332f4a7c744e87 C:\Program Files\SpywareGuard\sgmain.exe
<unsigned> MD5: cde968df7ea866320efb8762b50e0ad7 C:\Program Files\SpywareGuard\spywareguard.dll
<unsigned> MD5: 149844639a31ad0d97a8b8a10fdc1faa C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\backweb.dll
<unsigned> MD5: 8b89affb35202b8f15a927dc1169f850 C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\bwfiles.dll
<unsigned> MD5: 0e21535e9bc633ad345bc0f4d2249b33 C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\bwsec.dll
<unsigned> MD5: a12baa38ce07b522671678500d035d40 C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\clntutil.dll
<unsigned> MD5: 29aed649f05213a527e5f62967dbba41 C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\FrExt.dll
<unsigned> MD5: 8779099e892c0750321741bb2038be9f C:\Program Files\Updates from HP\9972322\Program\BWfiles-9972322.dll
<unsigned> MD5: 8779099e892c0750321741bb2038be9f C:\Program Files\Updates from HP\9972322\Program\frext-9972322.dll
<unsigned> MD5: 99616874f4133627e86354730f193076 C:\Program Files\Updates from HP\9972322\Program\HPClientExt.dll
<unsigned> MD5: 84a6c6456f86ed03b79db55bcbcdb2bd C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
<unsigned> MD5: 0be92b27dc8c7b6035a5ec373fc2b619 C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx
<unsigned> MD5: cd81d51cbfd4dc6540340f761bb2e6b6 C:\PROGRA~1\UPDATE~1\9972322\632~1.116\Program\EN\ClientRc.dll
<unsigned> MD5: 1bf1820b86f4921d42d74c922044ac18 C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.DLL
<unsigned> MD5: d5c9b8754337a10c1b4577abdb51aa58 C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.DLL
<unsigned> MD5: 4d735830b8f1a519340cb22df844ff31 C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.DLL
<unsigned> MD5: 3b055e901240ed2247acd0cb3093d8f6 C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.DLL
<unsigned> MD5: 9d66d3eba023c973c2d5afc408347c6c C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.DLL
<unsigned> MD5: 4e41e12684d9459a2dbd497b05297a8b C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.DLL
<unsigned> MD5: d264786d3f935147c51903f973f43f93 C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.DLL
<unsigned> MD5: f6e5a39a13058d52f5a9bc35f9ccdced C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3470.20921__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.DLL
<unsigned> MD5: 1a0abfaf07d9fd694f928f5640caff47 C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.DLL
<unsigned> MD5: 60b76c8d8aff9a0e534bde0046793a22 C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.DLL
<unsigned> MD5: 3ce4866daf11f10efe5e2e9dc2f96080 C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3470.20822__90ba9c70f846762e\AEM.Server.DLL
<unsigned> MD5: e43216796a81ab5b64ad7fce2a55e676 C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.DLL
<unsigned> MD5: fea8a87aaf7a2dae3621496ca8282956 C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3470.20824__90ba9c70f846762e\APM.Server.DLL
<unsigned> MD5: 46be521579317ee924ad21f1304f4085 C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.DLL
<unsigned> MD5: ee850c95ed088e8835f2425ee551296f C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.DLL
<unsigned> MD5: cd632a9274e7e85b9f37f84c91595c27 C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.DLL
<unsigned> MD5: a66c6c46a20759550cd7315ef9fac39f C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3470.20910__90ba9c70f846762e\CCC.Implementation.DLL
<unsigned> MD5: 3fb0342bdbb03fe1dc12acb8cba07b3e C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL
<unsigned> MD5: 3628e90586bb3d91b62c8d7d2592f929 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.DLL
<unsigned> MD5: a80b36c959696134e6ed7459a5627835 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL
<unsigned> MD5: 79524048f735b731383a09b2c6d3e61e C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL
<unsigned> MD5: 51932026c4423879df53a6e58a1dceb9 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.DLL
<unsigned> MD5: 94d30f39517e5476332b2801aa80cead C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3470.20879__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL
<unsigned> MD5: fe61bc7f2d95c125c6d9ae63d2a1f79f C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3470.20878__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.DLL
<unsigned> MD5: f1023e1ce6520af077203a0832eb2e11 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.DLL
<unsigned> MD5: ed32501db0e843769f5180e05b49b2d3 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3470.20887__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.DLL
<unsigned> MD5: cda3989d2c324206ac9c02990ad7f729 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3470.20865__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.DLL
<unsigned> MD5: 4dbc143b7b0a105ccc1121541936c198 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL
<unsigned> MD5: 293b2ea7e95637b69d2a8441c74bf177 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.DLL
<unsigned> MD5: e0472d30cd18bb24aa51135548f7c770 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL
<unsigned> MD5: 3d2a503a229ebb1956751259afccd9b8 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.DLL
<unsigned> MD5: 1fccef31a97338efab404f81fae16f92 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3470.20869__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL
<unsigned> MD5: 0ca4b0fa32315932e95296415d2f7852 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.DLL
<unsigned> MD5: 7dcccd40e15ecad7a7f84f11613156f5 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3470.20897__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL
<unsigned> MD5: 7a44e9253049d9e30400f9bd78738f50 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3470.20896__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.DLL
<unsigned> MD5: 9042ba98bb46f64cc0f5eb3b99fd7365 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.DLL
<unsigned> MD5: 759865b7337f83c24a003573302e8d94 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3470.20901__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.DLL
<unsigned> MD5: 1f0c68b89a44626b56d620a4debe3d44 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3470.20847__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL
<unsigned> MD5: 001bcb2f8acc2fe001f3fbe9e355801d C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3470.20850__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL
<unsigned> MD5: 32012729e2c34b921535ac43a10f402f C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL
<unsigned> MD5: cd42a20298d27c59983d7af709e5d8e2 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3470.20836__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.DLL
<unsigned> MD5: fb86aff35e4187550488764ddc5eb502 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL
<unsigned> MD5: dca50eaa8f064f417e01b0db27206ed6 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3470.20876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL
<unsigned> MD5: fd1319d7eb8c4bbd9543c4c75b298853 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3470.20875__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL
<unsigned> MD5: ad5cc6083023219b204ef1c1c438125e C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL
<unsigned> MD5: 5394377f9bcc9dd9c49cec3e557298f3 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3470.20835__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL
<unsigned> MD5: 1ef9b184a64ad160e747f57b91fb006b C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL
<unsigned> MD5: 6bc1bf45dd60653f3d08b30093abca13 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL
<unsigned> MD5: fd83ada2117124f88ea05cdda87b0187 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3470.20846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.DLL
<unsigned> MD5: 9acbfc3aaaeeb7aba6291cd3a3dcf2a1 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3470.20871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.DLL
<unsigned> MD5: 98f951d44e6ed7bc63758f0865519645 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3470.20870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.DLL
<unsigned> MD5: 20f16d017e30c27cb4388254412626bb C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.DLL
<unsigned> MD5: db87a5340cff9676a80738f49d9bd3ad C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3470.20891__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.DLL
<unsigned> MD5: 93f3cead0f4806ad3035684934884108 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3470.20926__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL
<unsigned> MD5: bd19313da6c91a7b383c8c39f6c73700 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3470.20925__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.DLL
<unsigned> MD5: 30da5d77e356457e33278ec127f4fc47 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3428.28328__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.DLL
<unsigned> MD5: 8fdcaa1d42e54017d3433acc08036fab C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL
<unsigned> MD5: f992948ae6d7e9cb60cf78a1b2d79dac C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3470.20882__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.DLL
<unsigned> MD5: 244a84cd307ebf610ca8f974dcb76ddf C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.DLL
<unsigned> MD5: 93e6478fe53dfa660eb3b21e3a778b46 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3470.20883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.DLL
<unsigned> MD5: 6449938511e739e10d59097451afc926 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.DLL
<unsigned> MD5: ff4afddca184c3f30782711cb7a70a5e C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3470.20915__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.DLL
<unsigned> MD5: 0a7ff91a0a52ef9f1f4af7ccb824a632 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.DLL
<unsigned> MD5: 7b784a53eab30a1b4759bcde3c466665 C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3470.20845__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.DLL
<unsigned> MD5: 94a13e178f3587361c8bd1446bdf0a1a C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.DLL
<unsigned> MD5: b8866d52e16a6effc10d5d05633884ee C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3470.20916__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.DLL
<unsigned> MD5: e9381f3215d774856431240055b408d2 C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.DLL
<unsigned> MD5: 7a14a84dcc7cff1180c03994dafabba9 C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3470.20835__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.DLL
<unsigned> MD5: 21c34cff6e64969156bebac544990a40 C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.DLL
<unsigned> MD5: 54291edbf31867795e737d522e02c69e C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3470.20826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.DLL
<unsigned> MD5: bbb03b86b9781153165e2d06e2ac38b2 C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.DLL
<unsigned> MD5: 82b92d9c1bd0fe7f4a4f1df4fe94a7dc C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.DLL
<unsigned> MD5: 76b55cb8547ec00f04c424a8d8a9c6a9 C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.DLL
<unsigned> MD5: 36416b2f31b82ddf2ec246702ed4bc8b C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.DLL
<unsigned> MD5: 96846ad608f56506887c3d443f3ba895 C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3470.20928__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.DLL
<unsigned> MD5: 0757caa8b92cafd5e34073620c21b346 C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3470.20927__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.DLL
<unsigned> MD5: 28dc1a42299c9faa1bd69a5000a29381 C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3470.20931__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.DLL
<unsigned> MD5: 3b16801f6169d525e6308462323a40e6 C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.DLL
<unsigned> MD5: 288948851d663ed08b1808ea1b0ce570 C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.DLL
<unsigned> MD5: 0ea25b462747caa4e05fb2cbb83bda2d C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.DLL
<unsigned> MD5: 3d2a58da885238d0283468e089748eb5 C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.DLL
<unsigned> MD5: 7e723174cf3f542315444eed73d585ce C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3470.20831__90ba9c70f846762e\CLI.Component.Dashboard.DLL
<unsigned> MD5: 3bfebf15c50ffb2f0377d903e1823e80 C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3470.20822__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.DLL
<unsigned> MD5: e6c65277fcb950c58ce4a627d0c349cb C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.DLL
<unsigned> MD5: 3ff2feff9b4a13e81ecd5f184fe400d9 C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.DLL
<unsigned> MD5: d3e203bccbd65fda6550370979519830 C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3470.20824__90ba9c70f846762e\CLI.Component.Runtime.DLL
<unsigned> MD5: 0fde9d6f5ef0ec91cf7e07552bf3bbc0 C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3470.20825__90ba9c70f846762e\CLI.Component.SkinFactory.DLL
<unsigned> MD5: 6cc72bd43647b9072d89c2b54b5f5ce9 C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3470.20904__90ba9c70f846762e\CLI.Component.Systemtray.DLL
<unsigned> MD5: 4717e814e85ba5c25a36cc908384675b C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.DLL
<unsigned> MD5: 2df59ccef57fa50a803d519b517f8e2e C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.DLL
<unsigned> MD5: b6cbfd752e15950ae4a3cce380210f60 C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3470.20840__90ba9c70f846762e\CLI.Component.Wizard.DLL
<unsigned> MD5: 852b2a8dc54df9c18afed3a4abd94cb1 C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.DLL
<unsigned> MD5: b6f31340b672b730c51ff44fc783d9e4 C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.DLL
<unsigned> MD5: ad3fd617782e4b8cc59bb588f921d203 C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.DLL
<unsigned> MD5: 110d2a7bbfba80aae36b5f229fe800ad C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.DLL
<unsigned> MD5: cce69bc85d019f49691c592ddcc2fa97 C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.DLL
<unsigned> MD5: 0deab952a0a36abcb6270fe45d3cace1 C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.DLL
<unsigned> MD5: 2e7fab502a8615b1aab0eab35afbca3b C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.DLL
<unsigned> MD5: 90c13a7525a19cdc9d651b38257983c4 C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.DLL
<unsigned> MD5: 786569d7082130e2c30d9b44def1d501 C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.DLL
<unsigned> MD5: 7dc7c0eef58730141871365afc083ea1 C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3470.20908__90ba9c70f846762e\LOG.Foundation.Implementation.DLL
<unsigned> MD5: 790ee8256b17fbec067e7b3ffca9d4d0 C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.DLL
<unsigned> MD5: 5eafd4ee6cb0d15c646981fe05f7ca34 C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.DLL
<unsigned> MD5: 0f77a66cfbf9be9bca343d9385f26937 C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.DLL
<unsigned> MD5: 76d3a8a8f5d97344bb644230d2e360c4 C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3470.20910__90ba9c70f846762e\MOM.Implementation.DLL
<unsigned> MD5: 20b3cf6a886f8ca5505aee4472347a96 C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.DLL
<unsigned> MD5: 019ca7ec74eb0e553cc077a18a9e43d4 C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3470.20939__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.DLL
<unsigned> MD5: 28284c03aca54a149ccd57621d2a1dfe C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.DLL
<unsigned> MD5: 2849f13593d2712ccb97ffbdd3c1232e C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
<unsigned> MD5: 47f50ae87ee36d131edcdc7e9bb4d31e C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
<unsigned> MD5: fc6427ffb3d95cf1bb9babe68baa8385 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
<unsigned> MD5: c6a6bbf37263d7b17c842adb92d1f1ca C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
<unsigned> MD5: 28766b0b79493832741cadb3717eec0c C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
<unsigned> MD5: ca27faaa54b1f007e81d5b9499db341b C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll


No file uploaded.

Scan finished - communication took 5 sec
Total traffic - 0.11 MB sent, 3.94 KB recvd
Scanned 1593 files and modules - 132 seconds

==============================================================================



The Volume display is still popping up on my screen, shows that my volume is set at 100. Hopefully you can help me figure out how to get rid of it.
Thanks again for your time. ( I'll continue to try and run ESet.)
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,149 posts
  • MVP
I see AVG has removed
c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe
which it should not have done:

http://forums.avg.co...m...ow&id=89395

That's why your installer kept trying to install Unload. The file was missing.
Supposedly they have corrected it in the latest definitions.

Do you know what the other file was that AVG removed? I expect it was also a false positive and may have killed your sound.

The sound drivers for your PC are available at:
ftp://ftp.hp.com/pub/softlib/software6/CO...0-1/sp26599.exe
It's about a 15 meg download.

Ron
  • 0

#7
EricaL

EricaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The other files that AVG moved to the virus vault are:

c:\System Volume Information\_restore{106CF321-4E3A-9103-1BD027606A99}RP362\A0029245.exe
also
\A0029246.exe
\A0029247.exe
\A0029248.exe.

I downloaded and installed the drivers you linked for me and so far no volume pop up. I'll post back if it does happen. Am I clean then?

Edited by EricaL, 04 June 2010 - 05:04 PM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,149 posts
  • MVP
Yes I think so.

The files that AVG removed are all in System Restore. Perhaps other copies of the same files it ate.

I think GMER might have run into a hard drive problem.

1. Double-click My Computer, and then right-click the hard disk that you want to check.
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, and then restart your computer to start the disk check. Takes about 30 minutes to an hour to run.

Then GMER should work OK.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron
  • 0
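The disk-check and hidden-files steps above can also be done from a command prompt. This is an added batch example, not part of Ron's post; it assumes the system drive is C: and uses the standard Explorer registry values (Hidden, ShowSuperHidden) that the Folder Options dialog writes.

```batch
@echo off
rem Added example: schedule a full check of C: (fix errors + scan for bad
rem sectors, i.e. both boxes in the Check Disk dialog) at the next reboot.
rem chkdsk asks whether to schedule because C: is in use; "Y" answers it.
echo Y | chkdsk C: /f /r

rem Hide hidden files and protected operating system files again.
rem Hidden=2 -> "Do not show hidden files and folders"
rem ShowSuperHidden=0 -> "Hide protected operating system files (recommended)"
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v Hidden /t REG_DWORD /d 2 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v ShowSuperHidden /t REG_DWORD /d 0 /f

echo Disk check scheduled for next restart; hidden files are hidden again.
```

Restart the computer afterwards so the scheduled disk check runs before Windows loads.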

#9
EricaL

EricaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Okay, ran check disk again, took a little over 2 hours and GMER still will not run. It locks my computer up completely and won't even allow my task mgr to open, even using ctrl alt del. It hangs everything. I did have the volume display pop up once when I was reading your reply but it has not done it since. I have WinPatrol installed and running and have uninstalled combofix.
I don't know why GMER will not run for me. I followed the directions as written to no avail. Any ideas?
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,149 posts
  • MVP
Sometimes GMER will run in Safe Mode. Could be having a problem with AVG or SpywareGuard.

We can run Root Repeal instead.

We need to check for Rootkits with RootRepeal
1. Extract RootRepeal.exe from the archive.
2. Open RootRepeal.exe on your desktop.
3. Click the Posted Image tab.
4. Click the Posted Image button.
5. Check all seven boxes: Posted Image
6. Push Ok
7. Check the box for your main system drive (Usually C:), and press Ok.
8. Allow RootRepeal to run a scan of your system. This may take some time.
9. Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Ron
  • 0

#11
EricaL

EricaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the RootRepeal log, and the volume pop up is back. I checked AVG after this morning's scan and no viruses detected.



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/06/05 11:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAC3DE000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA604000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA885D000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

==EOF==
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,149 posts
  • MVP
Nothing there. Only thing I can suggest is to remove AVG and replace it with Avast.
http://www.avast.com...avast-home.html
Then reinstall the Audio driver software and see if it still goes batty.

Ron
  • 0

#13
EricaL

EricaL

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Okay, I've done everything you've suggested and I know my system is clean now. I think I may have figured out what the problem is. I think it's the monitor buttons themselves. I just had the volume display pop up again and stay there this time for about 5 minutes. I hit the volume button not really expecting anything to happen, but as I held the button in the display went off; released, and it came back, so that got me thinking. Double clicked to go into the menu and it was flashing all over the place. That's telling me it's more of a hardware problem than software, as I've always had sound, the display would just pop up. I borrowed this monitor from a friend about 2 weeks ago when mine finally died, so I'm gonna have to ask her if it was doing it to her.
After getting the crazy menu flashing through all the settings the monitor reconfig'd itself and as of now no pop ups. Of course there was still the problem with AVG and the false positive, so maybe a combination of both??

I'm grasping at straws here as I just don't know anymore.
Thanks for all of your help. I am switching to Avast as soon as I can download it. I'll let you know after switching over if that seems to fix the problem or if I should just stop pulling my hair out and drop kick this baby through the window.
Thanks again Ron for all your help I really do appreciate it!
  • 0
