Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

kkk.exe and trojan

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

kkk.exe and trojan

Unread postby dmr371 » November 5th, 2008, 4:16 pm

Hello i have been having some problems with removing the kkk.exe file. I have used anti virus anti malware programs but for some reason i can not delete this file. It keeps saying that my computer is clean but when i try to delete the kkk folder in my c drive it keeps telling me that it is being used by another program. Any help would be appreciated. I am not very computer savy but am willing to learn. Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:35 PM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Philips Webcam\Monitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uindy.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\Philips Webcam\Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5788296625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5788432765
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8018 bytes
dmr371
Active Member
 
Posts: 8
Joined: November 5th, 2008, 4:07 pm
Advertisement
Register to Remove

Re: kkk.exe and trojan

Unread postby Katana » November 8th, 2008, 6:40 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly Image

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------




Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: kkk.exe and trojan

Unread postby dmr371 » November 8th, 2008, 9:28 pm

Hello Katana, and thank you for helping me. Here are the requested logs:

log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by mujicd at 2008-11-08 20:22:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (72%) free of 64 GB
Total RAM: 479 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:25 PM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Philips Webcam\Monitor.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mujicd\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\mujicd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uindy.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\Philips Webcam\Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 5788296625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5788432765
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8420 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-04 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-04 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-11-04 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-18 7585792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-18 86016]
"nwiz"=nwiz.exe /installquiet /nodetect []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-01 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-31 761946]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-07-11 102400]
""= []
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-19 163840]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-05-30 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-04 1234712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Monitor.lnk - C:\Program Files\Philips Webcam\Monitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-11-08 20:22:36 ----D---- C:\rsit
2008-11-05 18:49:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-05 17:37:26 ----D---- C:\WINDOWS\ie7updates
2008-11-05 17:36:27 ----D---- C:\WINDOWS\WBEM
2008-11-05 17:35:51 ----HDC---- C:\WINDOWS\ie7
2008-11-05 17:35:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-05 17:35:02 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-05 15:03:45 ----D---- C:\Program Files\Trend Micro
2008-11-05 14:33:47 ----D---- C:\WINDOWS\Prefetch
2008-11-05 13:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-05 13:31:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-05 13:31:28 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-05 13:23:35 ----D---- C:\WINDOWS\system32\en-us
2008-11-05 13:23:33 ----D---- C:\WINDOWS\system32\scripting
2008-11-05 13:23:30 ----D---- C:\WINDOWS\system32\en
2008-11-05 13:23:30 ----D---- C:\WINDOWS\system32\bits
2008-11-05 09:17:58 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-04 21:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-04 21:10:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-04 21:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-11-04 21:10:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-04 21:09:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-11-04 21:09:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-04 21:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-04 21:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-04 21:09:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-04 21:09:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-04 21:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2008-11-04 21:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-04 21:08:12 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-11-04 21:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2008-11-04 21:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-04 21:05:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-04 21:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-04 21:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-11-04 21:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-04 21:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-04 21:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2008-11-04 21:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-04 21:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-04 21:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-04 21:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-04 21:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-11-04 20:55:06 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-04 20:55:04 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-04 20:55:02 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-04 20:54:59 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-04 20:54:59 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-04 20:54:55 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-11-04 20:54:49 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-04 20:54:49 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-04 20:54:41 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-11-04 20:54:39 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-11-04 20:54:38 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-04 20:54:38 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-04 20:54:38 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-04 20:54:38 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-04 20:54:38 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-04 20:54:34 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-04 20:54:31 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-04 20:54:29 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-04 20:54:26 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-04 20:54:25 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-04 20:54:24 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-04 20:54:24 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-04 20:54:24 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-04 20:54:22 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-04 20:54:18 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-04 20:54:01 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-04 20:54:00 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-04 20:54:00 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-04 20:53:58 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-04 20:53:49 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-04 20:53:49 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-04 20:53:14 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-04 20:53:13 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-04 20:53:13 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-04 20:53:13 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-04 20:53:07 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-04 20:53:05 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-04 20:53:05 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-04 20:53:05 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-04 20:53:05 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-04 20:53:05 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-04 20:52:53 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-11-04 20:52:52 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-11-04 20:52:47 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-11-04 20:52:43 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-04 20:52:39 ----A---- C:\WINDOWS\006030_.tmp
2008-11-04 20:52:38 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-11-04 20:52:25 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-04 20:52:25 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-04 20:52:24 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-04 20:52:24 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-04 20:52:23 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-04 20:52:23 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-04 20:52:22 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-04 20:52:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-04 19:59:18 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-04 19:59:18 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-04 19:59:18 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-04 19:59:18 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-04 19:59:18 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-04 19:59:18 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-04 19:59:18 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-04 19:59:16 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-04 19:59:16 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-04 19:59:14 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-04 19:59:13 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-04 19:59:11 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-04 19:59:09 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-04 19:59:09 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-04 19:59:09 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-04 19:59:09 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-04 19:59:09 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-04 19:59:08 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-04 19:59:08 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-04 19:59:08 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-04 19:59:07 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-11-04 14:50:48 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-04 14:50:46 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-04 14:48:51 ----HD---- C:\$AVG8.VAULT$
2008-11-04 01:45:53 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-04 01:45:53 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-04 01:09:42 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-11-04 01:09:25 ----D---- C:\Documents and Settings\mujicd\Application Data\AVGTOOLBAR
2008-11-04 01:09:12 ----D---- C:\Program Files\AVG
2008-11-04 01:09:12 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-04 00:46:22 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-11-04 00:46:22 ----A---- C:\WINDOWS\system32\wups2.dll
2008-11-04 00:46:21 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-11-04 00:46:21 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-11-04 00:46:20 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-03 20:52:49 ----D---- C:\Documents and Settings\mujicd\Application Data\Sun
2008-11-03 16:37:34 ----D---- C:\Documents and Settings\mujicd\Application Data\Uniblue
2008-11-03 16:37:14 ----D---- C:\Program Files\Uniblue
2008-11-03 03:32:43 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-03 03:27:06 ----D---- C:\Program Files\a-squared Free
2008-11-02 21:45:17 ----D---- C:\Documents and Settings\mujicd\Application Data\AdobeUM
2008-11-02 21:44:28 ----D---- C:\Documents and Settings\mujicd\Application Data\Adobe
2008-11-02 21:12:30 ----D---- C:\Documents and Settings\mujicd\Application Data\Mozilla
2008-11-02 18:05:09 ----ASH---- C:\Documents and Settings\mujicd\Application Data\desktop.ini
2008-11-02 18:05:06 ----D---- C:\Documents and Settings\mujicd\Application Data\Identities
2008-11-02 18:05:05 ----SD---- C:\Documents and Settings\mujicd\Application Data\Microsoft
2008-11-02 18:05:05 ----D---- C:\Documents and Settings\mujicd\Application Data\Macromedia
2008-11-02 18:05:05 ----D---- C:\Documents and Settings\mujicd\Application Data\Intuit
2008-11-02 18:00:03 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2008-11-02 18:00:03 ----A---- C:\WINDOWS\system32\kbdusa.dll
2008-11-02 18:00:03 ----A---- C:\WINDOWS\system32\c_iscii.dll
2008-11-02 18:00:02 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2008-11-02 16:48:50 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-11-02 16:40:31 ----D---- C:\Documents and Settings\mujicd\Application Data\skypePM
2008-11-02 16:39:14 ----D---- C:\Documents and Settings\mujicd\Application Data\Skype
2008-11-02 16:32:23 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll
2008-11-02 16:26:21 ----D---- C:\Program Files\NetWaiting
2008-11-02 16:16:48 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-11-02 16:15:15 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-30 15:57:03 ----D---- C:\Program Files\Babya Software Group
2008-10-29 18:01:18 ----D---- C:\WINDOWS\Minidump
2008-10-09 14:34:36 ----A---- C:\WINDOWS\Dext2001.ini
2008-10-09 14:34:10 ----D---- C:\Program Files\Philips Webcam
2008-10-09 08:49:00 ----D---- C:\Program Files\Skype
2008-10-09 08:48:59 ----D---- C:\Program Files\Common Files\Skype
2008-10-09 08:48:39 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

======List of files/folders modified in the last 1 months======

2008-11-08 20:23:25 ----D---- C:\WINDOWS\temp
2008-11-08 20:16:17 ----D---- C:\Program Files\Mozilla Firefox
2008-11-08 20:15:59 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2008-11-08 20:15:52 ----D---- C:\WINDOWS\Registration
2008-11-08 20:15:48 ----D---- C:\WINDOWS
2008-11-08 20:15:35 ----A---- C:\hpqp.ini
2008-11-08 20:14:57 ----A---- C:\XP_TV.ini
2008-11-08 16:40:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-07 17:22:02 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-07 17:21:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-07 17:20:37 ----D---- C:\WINDOWS\system32
2008-11-07 11:43:36 ----HD---- C:\WINDOWS\inf
2008-11-07 11:43:35 ----D---- C:\WINDOWS\Help
2008-11-05 18:49:21 ----SHD---- C:\WINDOWS\Installer
2008-11-05 18:49:20 ----HD---- C:\Config.Msi
2008-11-05 18:27:34 ----A---- C:\WINDOWS\win.ini
2008-11-05 18:17:51 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-05 18:16:14 ----A---- C:\WINDOWS\imsins.BAK
2008-11-05 18:15:52 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-05 17:43:47 ----D---- C:\Program Files\Internet Explorer
2008-11-05 17:36:35 ----D---- C:\WINDOWS\system32\config
2008-11-05 17:36:21 ----D---- C:\WINDOWS\Media
2008-11-05 17:26:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-05 15:20:28 ----D---- C:\WINDOWS\system32\drivers
2008-11-05 15:03:45 ----D---- C:\Program Files
2008-11-05 14:34:59 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-05 14:34:12 ----A---- C:\WINDOWS\setuplog.txt
2008-11-05 14:33:12 ----D---- C:\WINDOWS\system32\wbem
2008-11-05 14:33:12 ----D---- C:\WINDOWS\system32\Setup
2008-11-05 14:33:12 ----D---- C:\WINDOWS\AppPatch
2008-11-05 14:33:11 ----RSD---- C:\WINDOWS\Fonts
2008-11-05 13:31:38 ----D---- C:\Program Files\Messenger
2008-11-05 13:31:06 ----D---- C:\WINDOWS\security
2008-11-05 13:24:27 ----D---- C:\WINDOWS\WinSxS
2008-11-05 13:23:58 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-05 13:23:57 ----D---- C:\WINDOWS\ime
2008-11-05 13:23:35 ----D---- C:\WINDOWS\system32\usmt
2008-11-05 13:23:30 ----D---- C:\WINDOWS\PeerNet
2008-11-05 13:23:29 ----D---- C:\Program Files\Movie Maker
2008-11-05 13:23:10 ----D---- C:\WINDOWS\system32\Restore
2008-11-05 13:23:10 ----D---- C:\WINDOWS\system32\npp
2008-11-05 13:23:10 ----D---- C:\WINDOWS\mui
2008-11-05 13:23:09 ----D---- C:\WINDOWS\msagent
2008-11-05 13:23:07 ----D---- C:\WINDOWS\srchasst
2008-11-05 13:23:06 ----D---- C:\Program Files\NetMeeting
2008-11-05 13:23:04 ----D---- C:\WINDOWS\system32\Com
2008-11-05 13:23:01 ----D---- C:\Program Files\Windows NT
2008-11-05 13:23:01 ----D---- C:\Program Files\Outlook Express
2008-11-05 13:22:58 ----D---- C:\Program Files\Common Files\System
2008-11-05 13:22:45 ----D---- C:\WINDOWS\system32\oobe
2008-11-05 13:22:42 ----D---- C:\WINDOWS\system
2008-11-05 13:19:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-05 13:19:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-05 13:16:00 ----D---- C:\WINDOWS\ehome
2008-11-05 09:17:59 ----D---- C:\WINDOWS\Debug
2008-11-05 00:32:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-04 21:09:00 ----D---- C:\Program Files\Windows Media Player
2008-11-04 01:17:08 ----D---- C:\Program Files\Microsoft Office
2008-11-04 01:05:38 ----D---- C:\Program Files\Common Files
2008-11-04 00:54:27 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-04 00:47:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-03 13:41:44 ----D---- C:\Program Files\DIGStream
2008-11-03 03:34:18 ----SHD---- C:\RECYCLER
2008-11-02 21:48:19 ----D---- C:\Program Files\Quicken
2008-11-02 21:48:16 ----A---- C:\WINDOWS\QUICKEN.INI
2008-11-02 21:20:28 ----D---- C:\Program Files\Online Services
2008-11-02 21:10:59 ----A---- C:\WINDOWS\ODBC.INI
2008-11-02 18:05:04 ----D---- C:\Documents and Settings
2008-11-02 18:03:56 ----SHD---- C:\System Volume Information
2008-11-02 18:03:17 ----RASH---- C:\boot.ini
2008-11-02 18:00:03 ----N---- C:\WINDOWS\system.ini
2008-11-02 17:23:54 ----RD---- C:\WINDOWS\Web
2008-11-02 17:23:53 ----D---- C:\WINDOWS\twain_32
2008-11-02 17:23:35 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-02 17:23:33 ----D---- C:\WINDOWS\system32\spool
2008-11-02 17:23:20 ----D---- C:\WINDOWS\system32\ras
2008-11-02 17:22:58 ----D---- C:\WINDOWS\system32\mui
2008-11-02 17:22:50 ----D---- C:\WINDOWS\system32\msmq
2008-11-02 17:22:46 ----D---- C:\WINDOWS\system32\MsDtc
2008-11-02 17:22:44 ----SD---- C:\WINDOWS\system32\Microsoft
2008-11-02 17:22:42 ----D---- C:\WINDOWS\system32\Macromed
2008-11-02 17:22:32 ----D---- C:\WINDOWS\system32\IME
2008-11-02 17:22:31 ----D---- C:\WINDOWS\system32\icsxml
2008-11-02 17:22:31 ----D---- C:\WINDOWS\system32\ias
2008-11-02 17:22:11 ----D---- C:\WINDOWS\system32\DirectX
2008-11-02 17:21:51 ----D---- C:\WINDOWS\system32\1033
2008-11-02 17:21:48 ----D---- C:\WINDOWS\SMINST
2008-11-02 17:21:42 ----D---- C:\WINDOWS\repair
2008-11-02 17:20:45 ----RD---- C:\WINDOWS\Offline Web Pages
2008-11-02 17:20:45 ----D---- C:\WINDOWS\pchealth
2008-11-02 17:20:45 ----D---- C:\WINDOWS\nview
2008-11-02 17:18:08 ----D---- C:\WINDOWS\Cursors
2008-11-02 17:18:07 ----D---- C:\WINDOWS\CREATOR
2008-11-02 17:17:38 ----RSD---- C:\WINDOWS\assembly
2008-11-02 17:17:35 ----HD---- C:\WINDOWS\$NtUninstallKB915381$
2008-11-02 17:17:33 ----HD---- C:\WINDOWS\$NtUninstallKB913580$
2008-11-02 17:17:33 ----HD---- C:\WINDOWS\$NtUninstallKB913446$
2008-11-02 17:17:33 ----HD---- C:\WINDOWS\$NtUninstallKB912919$
2008-11-02 17:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB912436$
2008-11-02 17:17:32 ----HD---- C:\WINDOWS\$NtUninstallKB912067$
2008-11-02 17:17:31 ----HD---- C:\WINDOWS\$NtUninstallKB911927$
2008-11-02 17:17:30 ----HD---- C:\WINDOWS\$NtUninstallKB911565$
2008-11-02 17:17:30 ----HD---- C:\WINDOWS\$NtUninstallKB911564$
2008-11-02 17:17:30 ----HD---- C:\WINDOWS\$NtUninstallKB911164$
2008-11-02 17:17:29 ----HD---- C:\WINDOWS\$NtUninstallKB910728$
2008-11-02 17:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB909095$
2008-11-02 17:17:28 ----HD---- C:\WINDOWS\$NtUninstallKB910393$
2008-11-02 17:17:26 ----HD---- C:\WINDOWS\$NtUninstallKB908519$
2008-11-02 17:17:25 ----HD---- C:\WINDOWS\$NtUninstallKB904706$
2008-11-02 17:17:25 ----HD---- C:\WINDOWS\$NtUninstallKB903235$
2008-11-02 17:17:25 ----HD---- C:\WINDOWS\$NtUninstallKB901214$
2008-11-02 17:17:25 ----HD---- C:\WINDOWS\$NtUninstallKB901190$
2008-11-02 17:17:25 ----HD---- C:\WINDOWS\$NtUninstallKB896727$
2008-11-02 17:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB896256$
2008-11-02 17:17:24 ----HD---- C:\WINDOWS\$NtUninstallKB896423$
2008-11-02 17:17:24 ----HD---- C:\WINDOWS\$NtUninstallKB896422$
2008-11-02 17:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB892559$
2008-11-02 17:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB890546$
2008-11-02 17:17:23 ----HD---- C:\WINDOWS\$NtUninstallKB893066$
2008-11-02 17:17:23 ----HD---- C:\WINDOWS\$NtUninstallKB891781$
2008-11-02 17:17:23 ----HD---- C:\WINDOWS\$NtUninstallKB891220$
2008-11-02 17:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB888239$
2008-11-02 17:17:21 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-11-02 17:17:21 ----HDC---- C:\WINDOWS\$NtUninstallKB885855$
2008-11-02 17:17:21 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-11-02 17:17:21 ----HD---- C:\WINDOWS\$NtUninstallKB888113$
2008-11-02 17:17:21 ----HD---- C:\WINDOWS\$NtUninstallKB885250$
2008-11-02 17:08:30 ----D---- C:\WINDOWS\SHELLNEW
2008-11-02 17:07:58 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-02 17:03:25 ----D---- C:\Program Files\Sonic
2008-11-02 17:02:39 ----D---- C:\Program Files\RGB
2008-11-02 17:02:38 ----D---- C:\Program Files\Quickensetup
2008-11-02 17:00:16 ----D---- C:\Program Files\music_now
2008-11-02 17:00:12 ----D---- C:\Program Files\Microsoft.NET
2008-11-02 16:59:32 ----D---- C:\Program Files\Microsoft Office Trial Wizard
2008-11-02 16:59:04 ----D---- C:\Program Files\Microsoft Money 2006
2008-11-02 16:58:46 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-02 16:58:15 ----D---- C:\Program Files\HP Rhapsody
2008-11-02 16:56:12 ----D---- C:\Program Files\GemMaster
2008-11-02 16:56:07 ----D---- C:\Program Files\EnglishOtto
2008-11-02 16:56:02 ----D---- C:\Program Files\Encarta Online
2008-11-02 16:56:02 ----D---- C:\Program Files\DivX
2008-11-02 16:55:29 ----D---- C:\Program Files\Common Files\SureThing Shared
2008-11-02 16:55:29 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-11-02 16:55:22 ----D---- C:\Program Files\Common Files\Services
2008-11-02 16:55:22 ----D---- C:\Program Files\Common Files\Palo Alto Software
2008-11-02 16:54:35 ----D---- C:\Program Files\Common Files\LightScribe
2008-11-02 16:54:29 ----D---- C:\Program Files\Common Files\Intuit
2008-11-02 16:54:22 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-02 16:53:31 ----RHD---- C:\MSOCache
2008-11-02 16:52:59 ----D---- C:\I386
2008-11-02 16:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-11-02 16:46:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-02 16:46:36 ----D---- C:\Documents and Settings\All Users\Application Data\DIGStream
2008-11-02 16:26:20 ----D---- C:\Program Files\CONEXANT
2008-11-02 16:23:38 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-02 16:23:37 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-02 16:16:15 ----SD---- C:\WINDOWS\Tasks
2008-11-02 16:15:23 ----D---- C:\Program Files\Yahoo!
2008-11-02 16:11:47 ----HD---- C:\System.sav
2008-11-02 16:11:47 ----D---- C:\SWSetup
2008-11-02 16:07:00 ----D---- C:\hp
2008-11-02 16:06:54 ----AD---- C:\WINDOWS\system32\pcintro
2008-10-30 16:53:06 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-15 08:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 17:24:27 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-11-04 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-11-04 26824]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-11-04 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-01 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-08-29 990592]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-08-29 208384]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-18 3687552]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-02 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-02 13056]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-05 11136]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-31 193056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-08-29 728576]
S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-04-28 429184]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-12 57320]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-15 28928]
S3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-31 51584]
S3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-31 308992]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-13 874240]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-11-03 419448]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-11-04 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-05-18 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-13 117248]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-18 143426]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-12 126976]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------

info log:

info.txt logfile of random's system information tool 1.04 2008-11-08 20:23:30

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Kahuna Reef from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7948472C-423F-4134-B68F-48D660A05D71\Uninstall.exe"
Blackhawk Striker 2 from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\384E0BF4-1E1F-45A6-B60E-42144A3F15CD\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9F3399B2-9ED6-4339-84A2-686432638B86\Uninstall.exe"
Boggle Supreme from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
Bookworm Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
Crystal Maze from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FATE from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
Flip Words from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F2566CC2-D4C4-44ED-A838-3F8288D8D3FE\Uninstall.exe"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP QuickPlay 2.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guides 0031-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Insaniquarium Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0E5266B4-9069-401A-93AE-5FF9F1712016\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jewel Quest from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Mah Jong Quest from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB09F05F-85C6-4205-B28D-5BF071D276C3}\setup.exe" -l0x9
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Oasis from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Polar Bowler from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
Polar Golfer from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\Uninstall.exe"
Puzzle Express from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
SCRABBLE from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slingo Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
Slyder from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
Snowboard SuperJam-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder-->MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder-->MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Super Granny from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TourSetup-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tradewinds from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Vongo-->MsiExec.exe /I{DB7E00C9-6DEF-489A-8112-D8F81614F45A}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB915381-->"C:\WINDOWS\$NtUninstallKB915381$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Home Network Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
Zuma Deluxe from Hewlett-Packard Laptops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 76 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE"=PRESARIO
"PLATFORM"=MCD

-----------------EOF-----------------
dmr371
Active Member
 
Posts: 8
Joined: November 5th, 2008, 4:07 pm

Re: kkk.exe and trojan

Unread postby Katana » November 9th, 2008, 5:51 am

Information


Registry Cleaners

Re. Uniblue RegistryBooster 2009

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

----------------------------------------------------------- -----------------------------------------------------------

Step 1


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------- -----------------------------------------------------------
Step 2


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now download and install Java Runtime Environment (JRE) .

----------------------------------------------------------- -----------------------------------------------------------
Step 3


Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 2.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.


----------------------------------------------------------- -----------------------------------------------------------
Step 4

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • MalwareBytes Log
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: kkk.exe and trojan

Unread postby dmr371 » November 10th, 2008, 10:44 pm

Hello Katana, i have removed the adobe reader and the java. I have updated both with your suggestions. Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.30
Database version: 1378
Windows 5.1.2600 Service Pack 3

11/9/2008 8:32:02 PM
mbam-log-2008-11-09 (20-32-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 148943
Time elapsed: 1 hour(s), 7 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
dmr371
Active Member
 
Posts: 8
Joined: November 5th, 2008, 4:07 pm

Re: kkk.exe and trojan

Unread postby Katana » November 11th, 2008, 6:21 am

Please download FileLook by jpshortstuff from one of these mirrors:
Link 1
Link 2
  • Double-click FileLook.exe to run it.
  • Ensure that the BBCode Ouput checkbox is checked.
  • Copy the content of the following codebox into the main textfield:

    Code: Select all
    kkk.exe /s

  • Click the FileLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at C:\fl_log.txt


Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: kkk.exe and trojan

Unread postby dmr371 » November 13th, 2008, 1:01 am

Hello, here is the Filelook notepad:

FileLook.exe v2.0 by jpshortstuff
Log created at 20:02 on 12/11/2008
==================================
FileSearch - "KKK.EXE"


==============================

=EOF=

Kaspersky's note pad:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, November 12, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 12, 2008 22:52:42
Records in database: 1382106
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 77092
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:36:21

No malware has been detected. The scan area is clean.

The selected area was scanned.


dmr371
dmr371
Active Member
 
Posts: 8
Joined: November 5th, 2008, 4:07 pm

Re: kkk.exe and trojan

Unread postby Katana » November 13th, 2008, 8:04 am

There is no evidence of any infection/s, can you still see this "kkk" that is causing you problems ?
Is it a file or folder, and where is it located ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: kkk.exe and trojan

Unread postby dmr371 » November 13th, 2008, 1:52 pm

I can still see the file. It is located in my computer under the local disk C. However some of the contents of the file have been removed. The only thing that is left are two folders. The main kkk and a sub folder named update.
dmr371
Active Member
 
Posts: 8
Joined: November 5th, 2008, 4:07 pm

Re: kkk.exe and trojan

Unread postby Katana » November 13th, 2008, 2:32 pm

OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below. ( Make sure you include :Files )
Code: Select all
:Files
C:\kkk

  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: kkk.exe and trojan

Unread postby dmr371 » November 17th, 2008, 3:04 am

Hello, sorry that it took me this long, but here goes the log:
========== FILES ==========
Folder move failed. C:\kkk\update scheduled to be moved on reboot.
Folder move failed. C:\kkk scheduled to be moved on reboot.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11172008_015409

Files moved on Reboot...
Folder move failed. C:\kkk\update scheduled to be moved on reboot.
Folder move failed. C:\kkk\update scheduled to be moved on reboot.
Folder move failed. C:\kkk scheduled to be moved on reboot.



dmr371
dmr371
Active Member
 
Posts: 8
Joined: November 5th, 2008, 4:07 pm

Re: kkk.exe and trojan

Unread postby Katana » November 17th, 2008, 8:49 am

Hmm, it looks like that didn't work ????

Let's try something a bit stronger :)


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: kkk.exe and trojan

Unread postby dmr371 » November 18th, 2008, 4:32 pm

Here goes the log: (Sadly the kkk folder is still in there).

ComboFix 08-11-18.02 - mujicd 2008-11-18 15:15:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.208 [GMT -6:00]
Running from: c:\documents and settings\mujicd\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Courtney Lannon\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\mujicd\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-18 to 2008-11-18 )))))))))))))))))))))))))))))))
.

2008-11-17 01:54 . 2008-11-17 01:54 <DIR> d-------- C:\_OTMoveIt
2008-11-12 20:27 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 20:21 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 23:45 . 2008-11-10 23:45 <DIR> d-------- c:\program files\Foxit Software
2008-11-10 01:47 . 2008-11-10 01:46 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-10 01:47 . 2008-11-10 01:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-10 00:59 . 2008-04-13 12:45 26,368 --a------ c:\windows\system32\dllcache\usbstor.sys
2008-11-09 21:22 . 2008-11-09 21:22 <DIR> d-------- c:\documents and settings\mujicd\Application Data\Malwarebytes
2008-11-09 21:21 . 2008-11-09 21:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 21:21 . 2008-11-09 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 21:21 . 2008-10-22 18:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 21:21 . 2008-10-22 18:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-08 22:22 . 2008-11-08 22:23 <DIR> d-------- C:\rsit
2008-11-05 19:36 . 2008-10-03 11:41 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-11-05 19:36 . 2007-04-17 03:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-05 19:36 . 2007-03-07 23:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-05 19:36 . 2008-08-26 01:24 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-11-05 19:36 . 2008-08-26 01:24 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-05 19:36 . 2008-08-26 01:24 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-11-05 19:36 . 2008-08-26 01:24 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-11-05 19:36 . 2008-08-26 01:24 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-05 19:36 . 2008-08-25 02:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\program files\Trend Micro
2008-11-05 15:23 . 2008-11-05 15:23 <DIR> d-------- c:\windows\system32\scripting
2008-11-05 15:23 . 2008-11-05 15:23 <DIR> d-------- c:\windows\system32\en
2008-11-05 15:23 . 2008-11-05 15:23 <DIR> d-------- c:\windows\system32\bits
2008-11-04 23:08 . 2008-11-04 23:08 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-04 22:55 . 2008-04-13 18:12 276,992 --------- c:\windows\system32\wmphoto.dll
2008-11-04 22:55 . 2008-04-13 18:12 69,120 --------- c:\windows\system32\wlanapi.dll
2008-11-04 22:53 . 2008-04-13 18:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-11-04 22:52 . 2004-08-03 20:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-11-04 21:59 . 2008-04-13 18:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
2008-11-04 21:19 . 2008-06-13 05:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-04 21:19 . 2008-06-13 05:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2008-11-04 21:18 . 2008-08-14 04:04 138,496 --------- c:\windows\system32\dllcache\afd.sys
2008-11-04 21:16 . 2008-09-08 04:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-11-04 21:15 . 2008-09-15 06:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-11-04 21:14 . 2008-08-14 04:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-04 21:14 . 2008-08-14 04:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-04 21:14 . 2008-08-14 03:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-04 21:14 . 2008-08-14 03:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-04 20:52 . 2006-12-06 22:14 2,330,624 --------- c:\windows\system32\dllcache\wmvcore.dll
2008-11-04 20:52 . 2008-05-08 08:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2008-11-04 20:48 . 2008-04-11 13:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2008-11-04 20:37 . 2008-10-15 10:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-11-04 16:48 . 2008-11-11 03:07 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-04 03:45 . 2008-10-16 16:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-04 03:45 . 2008-10-16 16:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-04 03:09 . 2008-11-17 22:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-04 03:09 . 2008-11-04 03:09 <DIR> d-------- c:\program files\AVG
2008-11-04 03:09 . 2008-11-04 03:14 <DIR> d-------- c:\documents and settings\mujicd\Application Data\AVGTOOLBAR
2008-11-04 03:09 . 2008-11-06 19:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-04 03:09 . 2008-11-04 03:09 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-04 03:09 . 2008-11-04 03:09 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-04 03:09 . 2008-11-04 03:09 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-04 02:46 . 2008-10-16 16:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-11-04 02:46 . 2008-10-16 16:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-04 02:46 . 2008-10-16 16:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-04 02:46 . 2008-10-16 16:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-04 02:46 . 2008-10-16 16:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-04 02:40 . 2008-11-04 02:40 <DIR> d--hs---- c:\documents and settings\mujicd\UserData
2008-11-03 22:58 . 2007-12-24 19:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-03 18:37 . 2008-11-03 18:37 <DIR> d-------- c:\documents and settings\mujicd\Application Data\Uniblue
2008-11-03 05:27 . 2008-11-17 02:05 <DIR> d-------- c:\program files\a-squared Free
2008-11-02 23:45 . 2008-11-02 23:45 <DIR> d-------- c:\documents and settings\mujicd\Application Data\AdobeUM
2008-11-02 20:05 . 2006-09-21 00:20 <DIR> d-------- c:\documents and settings\mujicd\Application Data\Intuit
2008-11-02 20:05 . 2008-11-05 02:27 <DIR> d-------- c:\documents and settings\mujicd
2008-11-02 20:03 . 2008-11-02 18:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec
2008-11-02 20:03 . 2006-09-21 00:20 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intuit
2008-11-02 20:00 . 2006-03-15 14:00 185,344 --a------ c:\windows\system32\Thawbrkr.dll
2008-11-02 20:00 . 2006-03-15 14:00 66,594 --a------ c:\windows\system32\c_864.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,594 --a------ c:\windows\system32\c_862.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,594 --a------ c:\windows\system32\c_720.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,082 --a------ c:\windows\system32\c_708.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,082 --a------ c:\windows\system32\C_28596.NLS
2008-11-02 20:00 . 2006-03-15 14:00 66,082 --a------ c:\windows\system32\c_10021.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,082 --a------ c:\windows\system32\c_10005.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,082 --a------ c:\windows\system32\c_10004.nls
2008-11-02 20:00 . 2006-03-15 14:00 10,752 --a------ c:\windows\system32\c_iscii.dll
2008-11-02 20:00 . 2006-03-15 14:00 6,144 --a------ c:\windows\system32\ftlx041e.dll
2008-11-02 20:00 . 2006-03-15 14:00 5,632 --a------ c:\windows\system32\kbdusa.dll
2008-11-02 19:59 . 2001-08-17 15:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-02 19:59 . 2008-04-13 12:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-02 18:49 . 2008-04-13 12:46 85,248 --a------ c:\windows\system32\drivers\nabtsfec.sys
2008-11-02 18:49 . 2008-04-13 12:46 19,200 --a------ c:\windows\system32\drivers\wstcodec.sys
2008-11-02 18:49 . 2008-04-13 12:46 17,024 --a------ c:\windows\system32\drivers\ccdecode.sys
2008-11-02 18:49 . 2008-04-13 18:12 16,384 --a------ c:\windows\system32\ipsink.ax
2008-11-02 18:49 . 2008-04-13 12:46 15,232 --a------ c:\windows\system32\drivers\streamip.sys
2008-11-02 18:49 . 2008-04-13 12:46 11,136 --a------ c:\windows\system32\drivers\slip.sys
2008-11-02 18:49 . 2008-04-13 12:46 10,880 --a------ c:\windows\system32\drivers\ndisip.sys
2008-11-02 18:49 . 2008-04-13 12:39 5,504 --a------ c:\windows\system32\drivers\mstee.sys
2008-11-02 18:48 . 2008-04-13 12:46 121,984 --a------ c:\windows\system32\drivers\usbvideo.sys
2008-11-02 18:48 . 2008-04-13 18:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-11-02 18:48 . 2008-04-13 18:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-11-02 18:48 . 2008-04-13 18:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-11-02 18:48 . 2008-04-13 18:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-11-02 18:48 . 2008-04-13 12:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-02 18:48 . 2008-04-13 18:12 28,672 --a------ c:\windows\system32\vidcap.ax
2008-11-02 18:48 . 2008-04-13 18:12 20,992 --a------ c:\windows\system32\dshowext.ax
2008-11-02 18:40 . 2008-11-18 14:20 <DIR> d-------- c:\documents and settings\mujicd\Application Data\skypePM
2008-11-02 18:40 . 2008-11-02 18:40 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-02 18:39 . 2008-11-18 14:46 <DIR> d-------- c:\documents and settings\mujicd\Application Data\Skype
2008-11-02 18:32 . 2006-12-19 17:06 1,495,552 --a------ c:\windows\system32\epoPGPsdk.dll
2008-11-02 18:26 . 2008-11-02 18:26 <DIR> d-------- c:\program files\NetWaiting
2008-11-02 18:07 . 2008-11-17 01:55 <DIR> d--hs---- c:\documents and settings\mujicd\Temporary Internet Files
2008-11-02 18:07 . 2008-11-05 16:35 <DIR> d--hs---- c:\documents and settings\mujicd\History
2008-11-02 18:06 . 2008-11-02 18:06 1,650 -rahs---- c:\windows\system32\drivers\103C_HP_NTBK_Presario V6000 (RG298UA#ABA)_YN_0Pres_QCNF6491B8X_E432250002_46_I30B7_SQuanta_V65.21_BF.1A_T061025_WXP2_L409_M479_J80_7AMD_8Sempron_91.81_#060920_N14E44311_(RG298UA#ABA)_XMOBILE_CN10_Z_2Rev 1_G10DE0244.MRK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 08:08 --------- d-----w c:\program files\RGB
2008-11-10 07:51 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 07:46 --------- d-----w c:\program files\Java
2008-11-10 07:22 --------- d-----w c:\program files\WildTangent
2008-11-03 21:41 --------- d-----w c:\program files\DIGStream
2008-11-03 05:48 --------- d-----w c:\program files\Quicken
2008-11-03 01:07 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-03 01:03 --------- d-----w c:\program files\Sonic
2008-11-03 01:02 --------- d-----w c:\program files\Quickensetup
2008-11-03 01:00 --------- d-----w c:\program files\music_now
2008-11-03 01:00 --------- d-----w c:\program files\Microsoft.NET
2008-11-03 00:59 --------- d-----w c:\program files\Microsoft Office Trial Wizard
2008-11-03 00:58 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-03 00:56 --------- d-----w c:\program files\GemMaster
2008-11-03 00:56 --------- d-----w c:\program files\EnglishOtto
2008-11-03 00:56 --------- d-----w c:\program files\Encarta Online
2008-11-03 00:56 --------- d-----w c:\program files\DivX
2008-11-03 00:55 --------- d-----w c:\program files\Common Files\SureThing Shared
2008-11-03 00:55 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-11-03 00:55 --------- d-----w c:\program files\Common Files\Palo Alto Software
2008-11-03 00:54 --------- d-----w c:\program files\Common Files\LightScribe
2008-11-03 00:54 --------- d-----w c:\program files\Common Files\Intuit
2008-11-03 00:46 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-11-03 00:46 --------- d-----w c:\documents and settings\All Users\Application Data\DIGStream
2008-11-03 00:26 --------- d-----w c:\program files\CONEXANT
2008-11-03 00:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-03 00:15 --------- d-----w c:\program files\Yahoo!
2008-10-31 02:31 --------- d-----w c:\documents and settings\Courtney Lannon\Application Data\Skype
2008-10-31 00:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-31 00:03 --------- d-----w c:\documents and settings\Courtney Lannon\Application Data\skypePM
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 22:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-09 22:34 --------- d-----w c:\program files\Philips Webcam
2008-10-09 16:49 --------- d-----w c:\program files\Skype
2008-10-09 16:49 --------- d-----w c:\program files\Common Files\Skype
2008-10-09 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-18 22:56 --------- d-----w c:\program files\MSXML 6.0
2008-09-18 06:36 --------- d-----w c:\program files\Research In Motion
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 21:54 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:37 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-20 05:30 1,499,136 ------w c:\windows\system32\dllcache\shdocvw.dll
2007-10-29 22:59 532 -c--a-w c:\documents and settings\Courtney Lannon\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-04 1234712]
"nwiz"="nwiz.exe" [2006-08-18 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-13 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
Monitor.lnk - c:\program files\Philips Webcam\Monitor.exe [2007-10-16 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-04 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-04 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-04 76040]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\mujicd\Application Data\Mozilla\Firefox\Profiles\ixusks1w.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.uindy.edu
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 15:17:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???x\??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-18 15:19:16
ComboFix-quarantined-files.txt 2008-11-18 21:19:12

Pre-Run: 48,954,408,960 bytes free
Post-Run: 49,079,447,552 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

270 --- E O F --- 2008-11-13 03:01:44
dmr371
Active Member
 
Posts: 8
Joined: November 5th, 2008, 4:07 pm

Re: kkk.exe and trojan

Unread postby Katana » November 18th, 2008, 4:50 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    Folder::
    C:\kkk
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: kkk.exe and trojan

Unread postby dmr371 » November 19th, 2008, 12:30 am

Here is the log: It still did not delete the kkk folder. I wonder if i can run ComboFix in safemode while my computer is not connected to the internet? Sorry, i don't want to try it because i am a little scared of screwing things up so i rather ask first. What do you think?

ComboFix 08-11-18.02 - mujicd 2008-11-18 23:12:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.126 [GMT -6:00]
Running from: c:\documents and settings\mujicd\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mujicd\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kkk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-17 01:54 . 2008-11-17 01:54 <DIR> d-------- C:\_OTMoveIt
2008-11-12 20:27 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 20:21 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 23:45 . 2008-11-10 23:45 <DIR> d-------- c:\program files\Foxit Software
2008-11-10 01:47 . 2008-11-10 01:46 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-10 01:47 . 2008-11-10 01:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-10 00:59 . 2008-04-13 12:45 26,368 --a------ c:\windows\system32\dllcache\usbstor.sys
2008-11-09 21:22 . 2008-11-09 21:22 <DIR> d-------- c:\documents and settings\mujicd\Application Data\Malwarebytes
2008-11-09 21:21 . 2008-11-09 21:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-09 21:21 . 2008-11-09 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-09 21:21 . 2008-10-22 18:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-09 21:21 . 2008-10-22 18:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-08 22:22 . 2008-11-08 22:23 <DIR> d-------- C:\rsit
2008-11-05 19:36 . 2008-10-03 11:41 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-11-05 19:36 . 2007-04-17 03:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-05 19:36 . 2007-03-07 23:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-05 19:36 . 2008-08-26 01:24 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-11-05 19:36 . 2008-08-26 01:24 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-05 19:36 . 2008-08-26 01:24 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-11-05 19:36 . 2008-08-26 01:24 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-11-05 19:36 . 2008-08-26 01:24 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-05 19:36 . 2008-08-25 02:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d-------- c:\program files\Trend Micro
2008-11-05 15:23 . 2008-11-05 15:23 <DIR> d-------- c:\windows\system32\scripting
2008-11-05 15:23 . 2008-11-05 15:23 <DIR> d-------- c:\windows\system32\en
2008-11-05 15:23 . 2008-11-05 15:23 <DIR> d-------- c:\windows\system32\bits
2008-11-04 23:08 . 2008-11-04 23:08 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-04 22:55 . 2008-04-13 18:12 276,992 --------- c:\windows\system32\wmphoto.dll
2008-11-04 22:55 . 2008-04-13 18:12 69,120 --------- c:\windows\system32\wlanapi.dll
2008-11-04 22:53 . 2008-04-13 18:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2008-11-04 22:52 . 2004-08-03 20:41 1,041,536 --------- c:\windows\system32\drivers\hsfdpsp2.sys
2008-11-04 21:59 . 2008-04-13 18:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
2008-11-04 21:19 . 2008-06-13 05:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2008-11-04 21:19 . 2008-06-13 05:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2008-11-04 21:18 . 2008-08-14 04:04 138,496 --------- c:\windows\system32\dllcache\afd.sys
2008-11-04 21:16 . 2008-09-08 04:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-11-04 21:15 . 2008-09-15 06:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-11-04 21:14 . 2008-08-14 04:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-04 21:14 . 2008-08-14 04:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-04 21:14 . 2008-08-14 03:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-04 21:14 . 2008-08-14 03:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-04 20:52 . 2006-12-06 22:14 2,330,624 --------- c:\windows\system32\dllcache\wmvcore.dll
2008-11-04 20:52 . 2008-05-08 08:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2008-11-04 20:48 . 2008-04-11 13:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2008-11-04 20:37 . 2008-10-15 10:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-11-04 16:48 . 2008-11-11 03:07 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-04 03:45 . 2008-10-16 16:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-04 03:45 . 2008-10-16 16:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-04 03:09 . 2008-11-18 22:46 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-04 03:09 . 2008-11-04 03:09 <DIR> d-------- c:\program files\AVG
2008-11-04 03:09 . 2008-11-04 03:14 <DIR> d-------- c:\documents and settings\mujicd\Application Data\AVGTOOLBAR
2008-11-04 03:09 . 2008-11-06 19:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-04 03:09 . 2008-11-04 03:09 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-04 03:09 . 2008-11-04 03:09 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-04 03:09 . 2008-11-04 03:09 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-04 02:46 . 2008-10-16 16:09 43,544 --a------ c:\windows\system32\wups2.dll
2008-11-04 02:46 . 2008-10-16 16:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-04 02:46 . 2008-10-16 16:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-04 02:46 . 2008-10-16 16:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-04 02:46 . 2008-10-16 16:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-04 02:40 . 2008-11-04 02:40 <DIR> d--hs---- c:\documents and settings\mujicd\UserData
2008-11-03 22:58 . 2007-12-24 19:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2008-11-03 18:37 . 2008-11-03 18:37 <DIR> d-------- c:\documents and settings\mujicd\Application Data\Uniblue
2008-11-03 05:27 . 2008-11-17 02:05 <DIR> d-------- c:\program files\a-squared Free
2008-11-02 23:45 . 2008-11-02 23:45 <DIR> d-------- c:\documents and settings\mujicd\Application Data\AdobeUM
2008-11-02 20:05 . 2006-09-21 00:20 <DIR> d-------- c:\documents and settings\mujicd\Application Data\Intuit
2008-11-02 20:05 . 2008-11-05 02:27 <DIR> d-------- c:\documents and settings\mujicd
2008-11-02 20:03 . 2008-11-02 18:46 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec
2008-11-02 20:03 . 2006-09-21 00:20 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intuit
2008-11-02 20:00 . 2006-03-15 14:00 185,344 --a------ c:\windows\system32\Thawbrkr.dll
2008-11-02 20:00 . 2006-03-15 14:00 66,594 --a------ c:\windows\system32\c_864.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,594 --a------ c:\windows\system32\c_862.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,594 --a------ c:\windows\system32\c_720.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,082 --a------ c:\windows\system32\c_708.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,082 --a------ c:\windows\system32\C_28596.NLS
2008-11-02 20:00 . 2006-03-15 14:00 66,082 --a------ c:\windows\system32\c_10021.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,082 --a------ c:\windows\system32\c_10005.nls
2008-11-02 20:00 . 2006-03-15 14:00 66,082 --a------ c:\windows\system32\c_10004.nls
2008-11-02 20:00 . 2006-03-15 14:00 10,752 --a------ c:\windows\system32\c_iscii.dll
2008-11-02 20:00 . 2006-03-15 14:00 6,144 --a------ c:\windows\system32\ftlx041e.dll
2008-11-02 20:00 . 2006-03-15 14:00 5,632 --a------ c:\windows\system32\kbdusa.dll
2008-11-02 19:59 . 2001-08-17 15:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-11-02 19:59 . 2008-04-13 12:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-11-02 18:49 . 2008-04-13 12:46 85,248 --a------ c:\windows\system32\drivers\nabtsfec.sys
2008-11-02 18:49 . 2008-04-13 12:46 19,200 --a------ c:\windows\system32\drivers\wstcodec.sys
2008-11-02 18:49 . 2008-04-13 12:46 17,024 --a------ c:\windows\system32\drivers\ccdecode.sys
2008-11-02 18:49 . 2008-04-13 18:12 16,384 --a------ c:\windows\system32\ipsink.ax
2008-11-02 18:49 . 2008-04-13 12:46 15,232 --a------ c:\windows\system32\drivers\streamip.sys
2008-11-02 18:49 . 2008-04-13 12:46 11,136 --a------ c:\windows\system32\drivers\slip.sys
2008-11-02 18:49 . 2008-04-13 12:46 10,880 --a------ c:\windows\system32\drivers\ndisip.sys
2008-11-02 18:49 . 2008-04-13 12:39 5,504 --a------ c:\windows\system32\drivers\mstee.sys
2008-11-02 18:48 . 2008-04-13 12:46 121,984 --a------ c:\windows\system32\drivers\usbvideo.sys
2008-11-02 18:48 . 2008-04-13 18:12 91,136 --a------ c:\windows\system32\kswdmcap.ax
2008-11-02 18:48 . 2008-04-13 18:12 61,952 --a------ c:\windows\system32\kstvtune.ax
2008-11-02 18:48 . 2008-04-13 18:12 53,760 --a------ c:\windows\system32\vfwwdm32.dll
2008-11-02 18:48 . 2008-04-13 18:12 43,008 --a------ c:\windows\system32\ksxbar.ax
2008-11-02 18:48 . 2008-04-13 12:45 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-02 18:48 . 2008-04-13 18:12 28,672 --a------ c:\windows\system32\vidcap.ax
2008-11-02 18:48 . 2008-04-13 18:12 20,992 --a------ c:\windows\system32\dshowext.ax
2008-11-02 18:40 . 2008-11-18 22:47 <DIR> d-------- c:\documents and settings\mujicd\Application Data\skypePM
2008-11-02 18:40 . 2008-11-02 18:40 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-02 18:39 . 2008-11-18 23:09 <DIR> d-------- c:\documents and settings\mujicd\Application Data\Skype
2008-11-02 18:32 . 2006-12-19 17:06 1,495,552 --a------ c:\windows\system32\epoPGPsdk.dll
2008-11-02 18:26 . 2008-11-02 18:26 <DIR> d-------- c:\program files\NetWaiting
2008-11-02 18:07 . 2008-11-17 01:55 <DIR> d--hs---- c:\documents and settings\mujicd\Temporary Internet Files
2008-11-02 18:07 . 2008-11-05 16:35 <DIR> d--hs---- c:\documents and settings\mujicd\History
2008-11-02 18:06 . 2008-11-02 18:06 1,650 -rahs---- c:\windows\system32\drivers\103C_HP_NTBK_Presario V6000 (RG298UA#ABA)_YN_0Pres_QCNF6491B8X_E432250002_46_I30B7_SQuanta_V65.21_BF.1A_T061025_WXP2_L409_M479_J80_7AMD_8Sempron_91.81_#060920_N14E44311_(RG298UA#ABA)_XMOBILE_CN10_Z_2Rev 1_G10DE0244.MRK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 08:08 --------- d-----w c:\program files\RGB
2008-11-10 07:51 --------- d-----w c:\program files\Common Files\Adobe
2008-11-10 07:46 --------- d-----w c:\program files\Java
2008-11-10 07:22 --------- d-----w c:\program files\WildTangent
2008-11-03 21:41 --------- d-----w c:\program files\DIGStream
2008-11-03 05:48 --------- d-----w c:\program files\Quicken
2008-11-03 01:07 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-03 01:03 --------- d-----w c:\program files\Sonic
2008-11-03 01:02 --------- d-----w c:\program files\Quickensetup
2008-11-03 01:00 --------- d-----w c:\program files\music_now
2008-11-03 01:00 --------- d-----w c:\program files\Microsoft.NET
2008-11-03 00:59 --------- d-----w c:\program files\Microsoft Office Trial Wizard
2008-11-03 00:58 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-03 00:56 --------- d-----w c:\program files\GemMaster
2008-11-03 00:56 --------- d-----w c:\program files\EnglishOtto
2008-11-03 00:56 --------- d-----w c:\program files\Encarta Online
2008-11-03 00:56 --------- d-----w c:\program files\DivX
2008-11-03 00:55 --------- d-----w c:\program files\Common Files\SureThing Shared
2008-11-03 00:55 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-11-03 00:55 --------- d-----w c:\program files\Common Files\Palo Alto Software
2008-11-03 00:54 --------- d-----w c:\program files\Common Files\LightScribe
2008-11-03 00:54 --------- d-----w c:\program files\Common Files\Intuit
2008-11-03 00:46 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-11-03 00:46 --------- d-----w c:\documents and settings\All Users\Application Data\DIGStream
2008-11-03 00:26 --------- d-----w c:\program files\CONEXANT
2008-11-03 00:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-03 00:23 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-03 00:15 --------- d-----w c:\program files\Yahoo!
2008-10-31 02:31 --------- d-----w c:\documents and settings\Courtney Lannon\Application Data\Skype
2008-10-31 00:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-10-31 00:03 --------- d-----w c:\documents and settings\Courtney Lannon\Application Data\skypePM
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-09 22:34 --------- d-----w c:\program files\Philips Webcam
2008-10-09 16:49 --------- d-----w c:\program files\Skype
2008-10-09 16:49 --------- d-----w c:\program files\Common Files\Skype
2008-10-09 16:49 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2007-10-29 22:59 532 -c--a-w c:\documents and settings\Courtney Lannon\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-11-18_15.18.44.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-19 05:18:26 16,384 ----atw c:\windows\temp\Perflib_Perfdata_488.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-11 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-04 1234712]
"nwiz"="nwiz.exe" [2006-08-18 c:\windows\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-13 c:\windows\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-01 c:\windows\system32\CHDAudPropShortcut.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
Monitor.lnk - c:\program files\Philips Webcam\Monitor.exe [2007-10-16 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-04 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-04 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-04 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-04 76040]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 23:18:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ????[??????Y?@?????<?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\a-squared Free\a2service.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\dllhost.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-18 23:25:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-19 05:25:29
ComboFix2.txt 2008-11-18 21:19:18

Pre-Run: 49,107,501,056 bytes free
Post-Run: 49,091,571,712 bytes free

246 --- E O F --- 2008-11-13 03:01:44
dmr371
Active Member
 
Posts: 8
Joined: November 5th, 2008, 4:07 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 327 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware