Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijackthis log, Please help!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijackthis log, Please help!

Unread postby edttodd » August 16th, 2010, 2:43 pm

Computer has been running very slow and cannot perform system restore. After a virus/malware scan I removed 4 files but these keep returning and are not permanently removed by my software. Here is the log of removed files:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.


Here is the Hijackthis log file. What should I do next???



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:37:47 AM, on 8/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Imgtask.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {564DA6D2-C31C-43B5-AE7E-7C59F0084228} - (no file)
O2 - BHO: (no name) - {60B0AD12-E02F-4CAB-9848-71C9F3B4B5D3} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f7779cca-c2a5-4552-8d98-91b5259f084e} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB004" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nfr] rundll32.exe nfr.dll,ServiceMain /pid=6007
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: crntaz.dll avaqql.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logical Disk Manager (NDIS) - Unknown owner - C:\Program Files\system\smss.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10872 bytes
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm
Advertisement
Register to Remove

Re: Hijackthis log, Please help!

Unread postby DFW » August 18th, 2010, 3:43 pm

Hi edttodd, and welcome


I can under stand your need to get your system clean, but it has come to my attention that you have posted for help with your computer at other forums, as well as this forum,
while going over your log, we are very busy at present, hence the few days wait.

http://www.bleepingcomputer.com/forums/topic340324.html

May I draw your attention to the Forum Guidelines on Multi-Posting

  • If you wish to continue here, please notify the other forums so they can close your threads.
  • If you wish to be helped elsewhere let me know so I can close your thread here.

Please let me know what you would like to do
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Hijackthis log, Please help!

Unread postby edttodd » August 18th, 2010, 3:55 pm

I have asked to remove the thread from the other forum. Please let me know what I should do next. Thanks
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby DFW » August 18th, 2010, 4:12 pm

Ok that's great let's get started.



Please observe the following points and rules while we work:


  • The fixes are specific to your problem and should only be used for this issue on this machine!.
  • The clean up process can take time. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Some of the Logs we ask for can take some time to Analise, so please be patient.

Before we start:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.




Code: Select all
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.


These look like items from a Malwarebytes' Anti-Malware log, if so, can you please post it, and any others you have ran in the last few days.

Open Malwarebytes' Anti-Malware
Click on the Logs tab
Now click on the first scan Log, Click open
Repeat for any others up to the today
Please copy and paste into your next reply



Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)



Please post back with both rsit logs
Malwarebytes Log/s
And please let me know if you have ran any other scans or fix,s
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Hijackthis log, Please help!

Unread postby edttodd » August 18th, 2010, 11:00 pm

I have not done any other scans or fixes besides deleting some old programs.

Here is my first Malware scan from last week

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

8/11/2010 9:45:10 PM
mbam-log-2010-08-11 (21-45-10).txt

Scan type: Quick Scan
Objects scanned: 50880
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 20
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4cef0582-9dd0-4095-94be-7ab8f1bb522e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{544ffaf7-fd7f-4134-9e96-6f3e29e2e404}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9b4d7012-4bfb-4359-9140-b84d671ddcca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b53cc131-c396-4830-8b44-24706716c341}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b79cd0e0-7db7-4724-a9d0-ed3179536593}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b90286ee-8244-42a6-b679-979a616ad7d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4cef0582-9dd0-4095-94be-7ab8f1bb522e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{544ffaf7-fd7f-4134-9e96-6f3e29e2e404}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9b4d7012-4bfb-4359-9140-b84d671ddcca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b53cc131-c396-4830-8b44-24706716c341}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b79cd0e0-7db7-4724-a9d0-ed3179536593}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b90286ee-8244-42a6-b679-979a616ad7d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4cef0582-9dd0-4095-94be-7ab8f1bb522e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{544ffaf7-fd7f-4134-9e96-6f3e29e2e404}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9b4d7012-4bfb-4359-9140-b84d671ddcca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b53cc131-c396-4830-8b44-24706716c341}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b79cd0e0-7db7-4724-a9d0-ed3179536593}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b90286ee-8244-42a6-b679-979a616ad7d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Then a few days later

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

8/15/2010 4:25:13 PM
mbam-log-2010-08-15 (16-25-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 134482
Time elapsed: 1 hour(s), 8 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 23
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{46c6db97-f140-4bdf-a2e2-ee3d26225861}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4cef0582-9dd0-4095-94be-7ab8f1bb522e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{544ffaf7-fd7f-4134-9e96-6f3e29e2e404}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9b4d7012-4bfb-4359-9140-b84d671ddcca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b53cc131-c396-4830-8b44-24706716c341}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b79cd0e0-7db7-4724-a9d0-ed3179536593}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b90286ee-8244-42a6-b679-979a616ad7d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{46c6db97-f140-4bdf-a2e2-ee3d26225861}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4cef0582-9dd0-4095-94be-7ab8f1bb522e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{544ffaf7-fd7f-4134-9e96-6f3e29e2e404}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9b4d7012-4bfb-4359-9140-b84d671ddcca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b53cc131-c396-4830-8b44-24706716c341}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b79cd0e0-7db7-4724-a9d0-ed3179536593}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b90286ee-8244-42a6-b679-979a616ad7d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{46c6db97-f140-4bdf-a2e2-ee3d26225861}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4cef0582-9dd0-4095-94be-7ab8f1bb522e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{544ffaf7-fd7f-4134-9e96-6f3e29e2e404}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9b4d7012-4bfb-4359-9140-b84d671ddcca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b53cc131-c396-4830-8b44-24706716c341}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b79cd0e0-7db7-4724-a9d0-ed3179536593}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b90286ee-8244-42a6-b679-979a616ad7d9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.110,85.255.112.151 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

8/15/2010 7:36:38 PM
mbam-log-2010-08-15 (19-36-38).txt

Scan type: Quick Scan
Objects scanned: 53978
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Then from today
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

8/18/2010 8:20:22 AM
mbam-log-2010-08-18 (08-20-22).txt

Scan type: Quick Scan
Objects scanned: 56062
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the log txt
Logfile of random's system information tool 1.08 (written by random/random)
Run by Compaq_Owner at 2010-08-18 21:56:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 109 GB (75%) free of 146 GB
Total RAM: 446 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:25 PM, on 8/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Imgtask.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {564DA6D2-C31C-43B5-AE7E-7C59F0084228} - (no file)
O2 - BHO: (no name) - {60B0AD12-E02F-4CAB-9848-71C9F3B4B5D3} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f7779cca-c2a5-4552-8d98-91b5259f084e} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB004" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nfr] rundll32.exe nfr.dll,ServiceMain /pid=6007
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: crntaz.dll avaqql.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logical Disk Manager (NDIS) - Unknown owner - C:\Program Files\system\smss.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10953 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\xiqwwmlw.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{564DA6D2-C31C-43B5-AE7E-7C59F0084228}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60B0AD12-E02F-4CAB-9848-71C9F3B4B5D3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f7779cca-c2a5-4552-8d98-91b5259f084e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-25 245760]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-10 253952]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-09-02 180269]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-02-17 49152]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-01 196608]
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE [2001-09-24 98304]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"ImgTask"=C:\WINDOWS\Imgtask.exe [2006-12-12 20480]
"EPSON Stylus CX4600 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE [2004-03-04 98304]
"Broadcom Wireless Manager"=C:\WINDOWS\system32\wltray.exe [2007-06-14 1282048]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"nfr"=nfr.dll,ServiceMain /pid=6007 []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe
Autodetect.lnk - C:\Program Files\Photolightning\autodetect.exe
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
Dynex Wireless Networking Utility.lnk - C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="crntaz.dll avaqql.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-07 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\wvUkKecd

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2010-08-18 21:56:04 ----D---- C:\rsit
2010-08-16 15:38:17 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-08-16 15:38:12 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-08-16 15:38:09 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-08-16 15:38:01 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-08-12 20:03:03 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-12 20:01:49 ----D---- C:\Program Files\QuickTime
2010-08-12 20:00:49 ----D---- C:\Program Files\Apple Software Update
2010-08-12 19:59:31 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-08-12 19:58:50 ----D---- C:\Program Files\Bonjour
2010-08-12 19:16:46 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-08-12 19:16:41 ----D---- C:\Program Files\Common Files\Java
2010-08-12 19:16:27 ----A---- C:\WINDOWS\system32\javaws.exe
2010-08-12 19:16:27 ----A---- C:\WINDOWS\system32\javaw.exe
2010-08-12 19:16:27 ----A---- C:\WINDOWS\system32\java.exe
2010-08-12 19:16:27 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-08-10 21:23:55 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2010-08-10 21:23:43 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2010-08-18 21:56:25 ----D---- C:\Program Files\Trend Micro
2010-08-18 21:42:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-18 13:10:57 ----D---- C:\WINDOWS\Prefetch
2010-08-18 13:10:53 ----A---- C:\WINDOWS\win.ini
2010-08-17 17:33:21 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-17 10:03:38 ----D---- C:\WINDOWS\Temp
2010-08-17 10:03:34 ----D---- C:\WINDOWS
2010-08-16 15:38:22 ----D---- C:\WINDOWS\system32\dllcache
2010-08-16 15:38:17 ----D---- C:\WINDOWS\system32
2010-08-16 15:38:15 ----D---- C:\WINDOWS\system32\drivers
2010-08-16 10:27:53 ----SHD---- C:\WINDOWS\Installer
2010-08-16 10:27:53 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2010-08-15 13:37:32 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2010-08-13 15:18:32 ----D---- C:\Program Files\Common Files\Adobe
2010-08-13 08:42:10 ----AHD---- C:\hp
2010-08-13 08:40:03 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt
2010-08-13 08:39:30 ----D---- C:\WINDOWS\inf
2010-08-13 08:19:14 ----D---- C:\Program Files
2010-08-13 08:19:13 ----D---- C:\Program Files\Common Files\Apple
2010-08-12 20:06:20 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2010-08-12 20:05:23 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-08-12 20:03:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-12 20:00:42 ----D---- C:\WINDOWS\Tasks
2010-08-12 19:58:18 ----D---- C:\WINDOWS\WinSxS
2010-08-12 19:16:41 ----D---- C:\Program Files\Common Files
2010-08-12 19:16:07 ----D---- C:\Program Files\Java
2010-08-12 07:57:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-11 21:39:09 ----D---- C:\Program Files\Yahoo!
2010-08-11 21:38:44 ----A---- C:\YServer.txt
2010-08-11 21:31:30 ----D---- C:\Program Files\Google
2010-08-11 21:31:30 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-08-11 21:31:17 ----D---- C:\Program Files\DVDFab Platinum 4
2010-08-11 21:31:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Vso
2010-08-11 21:31:12 ----A---- C:\Documents and Settings\Compaq_Owner\Application Data\inst.exe
2010-08-11 21:30:59 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-08 23:39:54 ----D---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 bb-run;Promise driver accelerator; C:\WINDOWS\system32\DRIVERS\bb-run.sys [2003-11-05 17408]
R0 ftsata2;ftsata2; C:\WINDOWS\system32\DRIVERS\ftsata2.sys [2005-04-14 175616]
R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-03-09 870912]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-04-25 20640]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 nfr.sys;nfr.sys; \??\C:\WINDOWS\system32\drivers\nfr.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-07 1235968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 lusbaudio;Logitech USB Microphone; C:\WINDOWS\system32\drivers\lvsound2.sys [2001-09-23 33280]
S3 BCMWLNPF;Broadcom Netgroup Packet Filter; C:\WINDOWS\system32\drivers\bcmwlnpf.sys [2007-04-26 33664]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LVBulk;LVBulk Service; C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2001-09-23 10261]
S3 LVVI500A;LVVI500A Service; C:\WINDOWS\system32\DRIVERS\lvvi500a.sys [2001-09-20 193574]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ndiswdm.sys [2007-10-09 198144]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-01 47360]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WlanUIG;2Wire 802.11g USB Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-05-16 347648]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-07 376832]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-08-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2007-06-14 20480]
S2 Logical Disk Manager (NDIS);Logical Disk Manager (NDIS); C:\Program Files\system\smss.exe [2009-02-04 11780]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-06-08 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

Info.txt
info.txt logfile of random's system information tool 1.08 2010-08-18 21:56:29

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{329899E1-CBBA-49BC-9FFE-199E94316727}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 7.1.0 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000002}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI Soft Modem-->agrsmdel
Apex Free PSP Video Converter 6.81-->"C:\Program Files\Apex\Apex Free PSP Video Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BlueRaTech-->"C:\Program Files\BlueRaTech\Uninstall.exe"
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Bookworm Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E618FC78-EE4F-4243-8409-078EB5E0B1F6\Uninstall.exe"
Bounce Symphony from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
Candy Land - Dora the Explorer Edition-->C:\PROGRA~1\NICKJR~1.ARC\CANDYL~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\CANDYL~1\INSTALL.LOG
Canon MP Navigator 2.2-->"C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini
Canon MP530 User Registration-->C:\Program Files\Canon\IJEREG\MP530\UNINST.EXE
Canon MP530-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{3215EBED-1D06-42fb-A05C-A752A46FB24C}\DelDrv.exe" /U:{3215EBED-1D06-42fb-A05C-A752A46FB24C} /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compaq Connections (remove only)-->C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Compaq Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Console Classix 3.7-->"C:\Program Files\ConsoleClassix.com\unins000.exe"
Digby's Donuts from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3DB5E24E-D0CE-437E-96BB-35E09A45B800\Uninstall.exe"
Dynex Wireless G USB Network Adapter Setup-->C:\Program Files\InstallShield Installation Information\{531D27E5-DE21-4777-9EDB-B7803087E7F3}\setup.exe -runfromtemp -l0x0009 -removeonly
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Flip Words from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\220B08B4-42B6-4452-A646-5646B6CB8063\Uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
hp deskjet 656c series (Remove only)-->C:\Program Files\hp deskjet 656c series\hpfiui.exe -c -vdivid=HPF -vpnum=89 -vinstport=USB001 -vproduct=656c -huninstall
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
Insaniquarium Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5AF1DD17-7B06-45EF-8592-2E524E458BAB\Uninstall.exe"
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Jewel Quest from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\2FC85AE2-A516-46DC-9622-BEE432D2276B\Uninstall.exe"
Logitech QuickCam-->MsiExec.exe /I{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}
Magic DVD Ripper V5.2.1 build 7-->"C:\Program Files\MagicDVDRipper\unins000.exe"
Mah Jong Quest from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\422C7575-C10D-4795-87FA-9972765379E6\Uninstall.exe"
Mahjong Match-->"C:\Program Files\Oberon Media\Mahjong Match\Uninstall.exe" "C:\Program Files\Oberon Media\Mahjong Match\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nintendo Wi-Fi USB Connector Registration Tool-->C:\Program Files\WiFiConnector\SoftAPUninst.exe
PC-Doctor 5 for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
Photolightning-->C:\Program Files\Photolightning\Uninstall_Photolightning.exe
Polar Bowler from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
Polar Golfer from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe"
Presto! PageManager 7.15.14-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anything -removeonly
Puzzle Express from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E1A0F769-A43A-4DDB-9F73-12791E453557\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Ricochet Lost Worlds from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\52AEBC18-F252-4B0C-B3E1-724537D9F873\Uninstall.exe"
Safari-->MsiExec.exe /X{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Screensavers Installer-->"C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sim AQUARIUM 2-->"C:\Program Files\Sim AQUARIUM 2\unins000.exe"
Slingo Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9\Uninstall.exe"
Slyder from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Media Manager 2.2-->MsiExec.exe /X{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}
Sony Vegas 7.0-->MsiExec.exe /X{EC6BAAC5-F5E0-48D4-B4B6-7C654DD54086}
Super Granny from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe"
Swarm from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B8DC3DBE-D64E-4EE3-8211-8BCAD6CD3D56\Uninstall.exe"
Tradewinds from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VueScan-->C:\VueScan\vuescan.exe /remove
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XviD MPEG-4 Codec-->"C:\Program Files\XviD\UninstXviD.exe"

======Hosts File======

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: DESKTOP
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Record Number: 36470
Source Name: W32Time
Time Written: 20090811024622.000000-300
Event Type: error
User:

Computer Name: DESKTOP
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 36469
Source Name: W32Time
Time Written: 20090811024622.000000-300
Event Type: error
User:

Computer Name: DESKTOP
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Record Number: 36468
Source Name: W32Time
Time Written: 20090811023126.000000-300
Event Type: error
User:

Computer Name: DESKTOP
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 36467
Source Name: W32Time
Time Written: 20090811023126.000000-300
Event Type: error
User:

Computer Name: DESKTOP
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 0022751A2E72. The IP address being used is 169.254.161.11.

Record Number: 36466
Source Name: Dhcp
Time Written: 20090811023106.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: DESKTOP
Event Code: 101
Message:
Record Number: 20760
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090201114419.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DESKTOP
Event Code: 101
Message:
Record Number: 20758
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090201113919.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DESKTOP
Event Code: 101
Message:
Record Number: 20756
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090201113419.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DESKTOP
Event Code: 101
Message:
Record Number: 20754
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090201112919.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DESKTOP
Event Code: 101
Message:
Record Number: 20752
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090201112419.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby DFW » August 19th, 2010, 2:49 am

Hi edttodd


The rsit log confirms that you do not have a Antivirus installed, was this one of the old programs you removed or have you been running for some
time without a Anti virus program??

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code.
They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these excellent vendors NOW:

Free anti-virus software for Windows
1) Antivir PersonalEditionClassic
2) avast! 4 Home Edition
3)Microsoft Security Essentials


Reboot your system


Also was LimeWire one of the old programs you uninstalled???



Next

Remove Screensavers Installer
Click Start > Control Panel > Add/Remove Programs
Remove the following programs by clicking Remove

  • Screensavers Installer



Disable CD Emulator(s)
We need to use powerful tools to check out your system.
*If* you are are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with a malware infections, CD Emulators can interfere with investigative tools producing misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since CD Emulators use a hidden driver which can be seen as a rootkit and can interfere with investigative tools or cause other problems, we need to remove or disable them until disinfection is completed.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.


Now run HijackThis and create a new log.



Please post back

Gmer log
HijackThis log
Information on Antivirus program and Limewire
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Hijackthis log, Please help!

Unread postby edttodd » August 19th, 2010, 9:43 am

Downloaded and installed Antivir
Limewire was a program that was uninstalled
Here is the gmer log


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-19 08:39:45
Windows 5.1.2600 Service Pack 3
Running: i8q894gg.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kfldapoc.sys


---- System - GMER 1.0.15 ----

SSDT F7B7BABE ZwCreateKey
SSDT F7B7BAB4 ZwCreateThread
SSDT F7B7BAC3 ZwDeleteKey
SSDT F7B7BACD ZwDeleteValueKey
SSDT F7B7BAD2 ZwLoadKey
SSDT F7B7BAA0 ZwOpenProcess
SSDT F7B7BAA5 ZwOpenThread
SSDT F7B7BADC ZwReplaceKey
SSDT F7B7BAD7 ZwRestoreKey
SSDT F7B7BAC8 ZwSetValueKey

Code 84664808 ZwEnumerateKey
Code 84640358 ZwFlushInstructionCache
Code 84667E90 ZwQueryValueKey
Code 84669DCE IofCallDriver
Code 8453E286 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp nfr.sys (nfr/nfr)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\gaopdxvjappumi.sys (*** hidden *** ) F1648000-F1672000 (172032 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gaopdxvjappumi.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxvjappumi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxvjappumi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxydlrmmne.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxvjappumi.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@userdata -1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxvjappumi.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxydlrmmne.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\gaopdxvjappumi.sys 75264 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\gaopdxcounter 4 bytes
File C:\WINDOWS\system32\gaopdxydlrmmne.dll 56832 bytes executable
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ieED7.tmp 329 bytes
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ieED8.tmp 0 bytes
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ieED9.tmp 0 bytes
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ieEDA.tmp 0 bytes
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ieEDB.tmp 0 bytes
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ieEDC.tmp 0 bytes
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ieEDD.tmp 0 bytes
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ieEDE.tmp 0 bytes
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ieEDF.tmp 0 bytes
File C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ieEE0.tmp 0 bytes

---- EOF - GMER 1.0.15 ----

Hijack this log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:40:38 AM, on 8/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\Imgtask.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\system\smss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {564DA6D2-C31C-43B5-AE7E-7C59F0084228} - (no file)
O2 - BHO: (no name) - {60B0AD12-E02F-4CAB-9848-71C9F3B4B5D3} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f7779cca-c2a5-4552-8d98-91b5259f084e} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ImgTask] C:\WINDOWS\Imgtask.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB004" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [nfr] rundll32.exe nfr.dll,ServiceMain /pid=6007
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logical Disk Manager (NDIS) - Unknown owner - C:\Program Files\system\smss.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 11366 bytes
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby DFW » August 19th, 2010, 12:09 pm

Hi edttodd



Open up Hijackthis
Click on do a system scan only.
Place a checkmark next to these lines(if still present)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {564DA6D2-C31C-43B5-AE7E-7C59F0084228} - (no file)
O2 - BHO: (no name) - {60B0AD12-E02F-4CAB-9848-71C9F3B4B5D3} - (no file)
O2 - BHO: (no name) - {f7779cca-c2a5-4552-8d98-91b5259f084e} - (no file)
O4 - HKCU\..\Run: [nfr] rundll32.exe nfr.dll,ServiceMain /pid=6007
O20 - AppInit_DLLs: crntaz.dll avaqql.dll
O23 - Service: Logical Disk Manager (NDIS) - Unknown owner - C:\Program Files\system\smss.exe


Then close all windows except Hijackthis and click Fix Checked

Reboot



Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic below
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double click combofix.exe & follow the prompts.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..



Once your system has rebooted run Hijackthis and create a new log.



Please post back

Combofix Log
New Hijackthis log
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Hijackthis log, Please help!

Unread postby edttodd » August 19th, 2010, 2:33 pm

Quick note: Not sure if this helps or tells you anything, but the computer took a long time to reboot after the combofix and is running very slowly.
Combofix log

ComboFix 10-08-18.04 - Compaq_Owner 08/19/2010 11:53:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.111 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Compaq_Owner\Application Data\inst.exe
c:\documents and settings\Compaq_Owner\k.exe
c:\program files\system\smss.exe
c:\program files\system\smss.exe.assembly
c:\windows\bobsaver.exe
c:\windows\bobsaver.scr
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
c:\windows\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe
c:\windows\Imgtask.exe
c:\windows\system32\dceKkUvw.ini
c:\windows\system32\dceKkUvw.ini2
c:\windows\system32\drivers\gaopdxvjappumi.sys
c:\windows\system32\drivers\nfr.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxydlrmmne.dll
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\ppjhpufi.ini
c:\windows\system32\tgyneeee.ini
c:\windows\system32\uaofbbws.ini
c:\windows\Tasks\xiqwwmlw.job
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://b9n.org
Infected copy of c:\windows\system32\drivers\nfr.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gaopdxserv.sys
-------\Legacy_LOGICAL_DISK_MANAGER_(NDIS)
-------\Legacy_NFR.SYS
-------\Service_gaopdxserv.sys
-------\Service_Logical Disk Manager (NDIS)
-------\Service_nfr.sys


((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-19 12:37 . 2010-08-19 12:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Avira
2010-08-19 12:32 . 2010-08-19 12:32 -------- d-----w- c:\windows\system32\NtmsData
2010-08-19 12:25 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-19 12:25 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-19 12:25 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-19 12:25 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-19 12:25 . 2010-08-19 12:25 -------- d-----w- c:\program files\Avira
2010-08-19 12:25 . 2010-08-19 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-19 02:56 . 2010-08-19 02:56 -------- d-----w- C:\rsit
2010-08-16 20:38 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-08-16 20:38 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-08-16 20:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-16 20:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-16 20:38 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-08-16 20:38 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-08-16 20:38 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-16 20:38 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-13 01:03 . 2010-08-13 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-13 01:01 . 2010-08-13 01:02 -------- d-----w- c:\program files\QuickTime
2010-08-13 01:00 . 2010-08-13 01:00 -------- d-----w- c:\program files\Apple Software Update
2010-08-13 00:59 . 2010-04-20 01:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-08-13 00:58 . 2010-08-13 00:58 -------- d-----w- c:\program files\Bonjour
2010-08-13 00:16 . 2010-08-13 00:16 -------- d-----w- c:\program files\Common Files\Java
2010-08-13 00:16 . 2010-08-13 00:16 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-11 02:24 . 2010-08-11 02:24 0 ----a-w- c:\windows\nsreg.dat
2010-08-11 02:23 . 2010-08-11 02:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 17:00 . 2009-02-04 16:54 -------- d-----w- c:\program files\system
2010-08-19 02:56 . 2009-02-06 23:28 -------- d-----w- c:\program files\Trend Micro
2010-08-16 15:27 . 2010-08-16 15:27 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-15 18:37 . 2005-12-25 01:31 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AdobeUM
2010-08-13 20:18 . 2005-09-03 00:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-13 13:19 . 2007-07-16 03:07 -------- d-----w- c:\program files\Common Files\Apple
2010-08-13 01:06 . 2005-12-24 04:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2010-08-13 01:05 . 2007-07-16 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-13 00:47 . 2008-07-06 22:55 46 ----a-w- c:\documents and settings\Compaq_Owner\jagex_runescape_preferences.dat
2010-08-13 00:32 . 2010-04-25 13:51 99 ----a-w- c:\documents and settings\Compaq_Owner\jagex_runescape_preferences2.dat
2010-08-13 00:16 . 2010-08-13 00:16 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5403e732-n\msvcp71.dll
2010-08-13 00:16 . 2010-08-13 00:16 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5403e732-n\jmc.dll
2010-08-13 00:16 . 2010-08-13 00:16 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5403e732-n\msvcr71.dll
2010-08-13 00:16 . 2010-08-13 00:16 61440 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-14f2343c-n\decora-sse.dll
2010-08-13 00:16 . 2010-08-13 00:16 12800 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-14f2343c-n\decora-d3d.dll
2010-08-13 00:16 . 2005-09-03 00:22 -------- d-----w- c:\program files\Java
2010-08-12 02:39 . 2006-05-13 02:53 -------- d-----w- c:\program files\Yahoo!
2010-08-12 02:31 . 2005-09-03 01:02 -------- d-----w- c:\program files\Google
2010-08-12 02:31 . 2008-04-02 01:44 -------- d-----w- c:\program files\DVDFab Platinum 4
2010-08-12 02:31 . 2008-04-02 01:44 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Vso
2010-08-12 02:31 . 2008-04-02 01:44 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2010-08-12 02:31 . 2008-04-02 01:44 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2010-08-12 02:30 . 2005-09-03 00:29 -------- d--h--w- c:\program files\InstallShield Installation Information
.

------- Sigcheck -------

[-] 2009-02-04 16:23 . !HASH: COULD NOT OPEN FILE !!!!! . 8704 . . [------] . . c:\windows\system32\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-03 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-6-8 25214]
Autodetect.lnk - c:\program files\Photolightning\autodetect.exe [2006-3-23 28672]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-9-2 36903]
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex G USB Network Adapter\DynexWCUI.exe [2009-2-23 1462272]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-2-12 1073152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7070:TCP"= 7070:TCP:nfr

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/19/2010 7:25 AM 135336]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [2/23/2009 5:17 PM 198144]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [5/8/2007 11:56 AM 347648]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o77z4xn1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 12:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3540)
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\ALCXMNTR.EXE
c:\program files\Avira\AntiVir Desktop\avscan.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
**************************************************************************
.
Completion time: 2010-08-19 12:21:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-19 17:19

Pre-Run: 114,940,203,008 bytes free
Post-Run: 115,010,240,512 bytes free

- - End Of File - - 1CDB35EB848ABB2A1B03F785B7F6093A
hijackthis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:16:54 PM, on 8/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Dynex G USB Network Adapter\DynexWCUI.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB004" /M "Stylus CX4600"
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Autodetect.lnk = C:\Program Files\Photolightning\autodetect.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10318 bytes
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby edttodd » August 19th, 2010, 4:16 pm

The computer is downloading an update that is only at 10% after about 45 minutes. That is probably why it is so slow.
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby DFW » August 19th, 2010, 5:01 pm

Hi edttodd


edttodd wrote:The computer is downloading an update that is only at 10% after about 45 minutes. That is probably why it is so slow.

That would do it, I take it you mean a windows update??. if it's stilll hanging no harm in stopping it, as long as it is not installing now, we can always update when clean,
however if its installing let it run.
Systems can boot a little slow after running some fix's, we will keep a eye on it.


I'd like you to check a file for Viruses, when the update is over or stopped.
Browse to the below file userinit.exe by following the path below
c:\windows\system32\userinit.exe

  • Once located click "send file" box.
  • If the next window says file already submitted, click "reanalyse"
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste or Note details of any viruses found.

Please post back the results.
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Hijackthis log, Please help!

Unread postby edttodd » August 19th, 2010, 11:00 pm

Here is the response from VirusTotal

File name:
userinit.exe
Submission date:
2010-08-20 02:54:11 (UTC)
Current status:
queued queued analysing finished
Result:
0/ 41 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2010.08.20.00 2010.08.19 -
AntiVir 8.2.4.38 2010.08.19 -
Antiy-AVL 2.0.3.7 2010.08.16 -
Authentium 5.2.0.5 2010.08.20 -
Avast 4.8.1351.0 2010.08.19 -
Avast5 5.0.332.0 2010.08.19 -
AVG 9.0.0.851 2010.08.19 -
BitDefender 7.2 2010.08.20 -
CAT-QuickHeal 11.00 2010.08.19 -
ClamAV 0.96.2.0-git 2010.08.20 -
Comodo 5789 2010.08.20 -
DrWeb 5.0.2.03300 2010.08.20 -
Emsisoft 5.0.0.37 2010.08.20 -
eSafe 7.0.17.0 2010.08.19 -
eTrust-Vet 36.1.7801 2010.08.19 -
F-Prot 4.6.1.107 2010.08.19 -
F-Secure 9.0.15370.0 2010.08.20 -
Fortinet 4.1.143.0 2010.08.19 -
GData 21 2010.08.20 -
Ikarus T3.1.1.88.0 2010.08.20 -
Jiangmin 13.0.900 2010.08.19 -
Kaspersky 7.0.0.125 2010.08.20 -
McAfee 5.400.0.1158 2010.08.20 -
Microsoft 1.6103 2010.08.20 -
NOD32 5380 2010.08.19 -
Norman 6.05.11 2010.08.19 -
nProtect 2010-08-19.01 2010.08.19 -
Panda 10.0.2.7 2010.08.19 -
PCTools 7.0.3.5 2010.08.20 -
Prevx 3.0 2010.08.20 -
Rising 22.61.03.04 2010.08.19 -
Sophos 4.56.0 2010.08.20 -
Sunbelt 6763 2010.08.20 -
SUPERAntiSpyware 4.40.0.1006 2010.08.20 -
Symantec 20101.1.1.7 2010.08.20 -
TheHacker 6.5.2.1.351 2010.08.19 -
TrendMicro 9.120.0.1004 2010.08.19 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.20 -
VBA32 3.12.14.0 2010.08.20 -
ViRobot 2010.8.16.3990 2010.08.19 -
VirusBuster 5.0.27.0 2010.08.19 -
Additional information
Show all
MD5 : a93aee1928a9d7ce3e16d24ec7380f89
SHA1 : 513f8bdf67a5a9e09803cfb61f590b39f2683853
SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
ssdeep: 768:0RMJi8jDLIDSAaQFxfftjaLacmkLGKOq:0RMJbDMDSA7FxffJaLaSLG9q
File size : 26112 bytes
First seen: 2009-02-12 03:28:35
Last seen : 2010-08-20 02:54:11
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Userinit Logon Application
original name: USERINIT.EXE
internal name: userinit
file version.: 5.1.2600.5512 (xpsp.080413-2113)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x54AD
timedatestamp....: 0x480251A8 (Sun Apr 13 18:32:08 2008)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x520E, 0x5400, 5.95, 099b53205ad3f1c3b853a5310d08a9b1
.data, 0x7000, 0x14C, 0x200, 1.86, 0bb948f267e82975313a03d8c0e8a1cf
.rsrc, 0x8000, 0xB50, 0xC00, 3.27, bac832e39f87c4f5f640e5d5c6a1c2fc

[[ 9 import(s) ]]
USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
CRYPT32.dll: CryptProtectData
WINSPOOL.DRV: SpoolerInit
ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
WLDAP32.dll: -, -, -, -, -, -
msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW

VT Community

0

This file has never been reviewed by any VT Community member. Be the first one to comment on it!
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby DFW » August 20th, 2010, 4:19 am

Hi edttodd




Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    userinit.exe
    

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt





Run Combofix Script
Stop all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
For instructions on how to disable your security programs, please see this topic below
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


  • Now please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7070:TCP"=-
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Please post back

SystemLook log
Combofix Log.
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Hijackthis log, Please help!

Unread postby edttodd » August 20th, 2010, 10:34 am

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:42 on 20/08/2010 by Compaq_Owner (Administrator - Elevation successful)

========== filefind ==========

Searching for "userinit.exe"
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe -----c 24576 bytes [00:10 05/12/2008] [05:00 04/08/2004] 39B1FFB03C2296323832ACBAE50D2AFF
C:\WINDOWS\ServicePackFiles\i386\userinit.exe ------ 26112 bytes [00:55 27/09/2008] [00:12 14/04/2008] A93AEE1928A9D7CE3E16D24EC7380F89
C:\WINDOWS\system32\dllcache\userinit.exe --a--- 26112 bytes [00:55 27/09/2008] [00:12 14/04/2008] A93AEE1928A9D7CE3E16D24EC7380F89
C:\WINDOWS\system32\userinit.exe --a--- 26112 bytes [00:55 27/09/2008] [00:12 14/04/2008] A93AEE1928A9D7CE3E16D24EC7380F89

-=End Of File=-

Combofox log

ComboFix 10-08-18.05 - Compaq_Owner 08/20/2010 8:52.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.211 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\temp\IadHide5.dll
c:\windows\system32\apxapfdw.dll
c:\windows\system32\blqhhl.dll
c:\windows\system32\cpuvwxrr.dll
c:\windows\system32\eijqfe.dll
c:\windows\system32\grsbhjlr.dll
c:\windows\system32\gujtlyns.dll
c:\windows\system32\inejkeyx.dll
c:\windows\system32\jlvaav.dll
c:\windows\system32\uqupym.dll
c:\windows\system32\xjtwheko.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-20 03:20 . 2010-08-20 03:20 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-20 03:20 . 2010-08-20 03:20 -------- d-----w- c:\program files\MSBuild
2010-08-20 03:19 . 2010-08-20 03:19 -------- d-----w- c:\program files\Reference Assemblies
2010-08-20 03:19 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-20 03:18 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-08-20 03:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-08-20 03:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-08-20 03:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-08-20 03:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-08-20 03:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-08-20 03:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-08-20 03:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-08-20 03:18 . 2010-08-20 03:19 -------- d-----w- C:\f76702bc99ada63cdedad511cb9d78f3
2010-08-20 03:04 . 2010-08-20 03:04 -------- d-sh--w- c:\documents and settings\Compaq_Owner\IETldCache
2010-08-20 02:28 . 2010-06-24 12:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-08-20 02:28 . 2010-06-24 12:21 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-20 02:28 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-20 02:28 . 2010-08-20 02:29 -------- d-----w- c:\windows\ie8updates
2010-08-20 02:27 . 2010-06-18 11:39 16896 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-08-20 02:25 . 2010-08-20 02:27 -------- dc-h--w- c:\windows\ie8
2010-08-19 20:16 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-08-19 20:15 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-19 20:15 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-08-19 20:15 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-08-19 20:12 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-08-19 20:09 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-08-19 20:09 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-08-19 20:09 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-08-19 20:09 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-08-19 20:09 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-08-19 20:09 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-08-19 20:09 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-08-19 20:09 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-08-19 20:06 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-19 20:04 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-08-19 20:04 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-08-19 12:37 . 2010-08-19 12:37 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Avira
2010-08-19 12:32 . 2010-08-19 12:32 -------- d-----w- c:\windows\system32\NtmsData
2010-08-19 12:25 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-19 12:25 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-19 12:25 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-19 12:25 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-19 12:25 . 2010-08-19 12:25 -------- d-----w- c:\program files\Avira
2010-08-19 12:25 . 2010-08-19 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-19 02:56 . 2010-08-19 02:56 -------- d-----w- C:\rsit
2010-08-16 20:38 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-08-16 20:38 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2010-08-16 20:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-16 20:38 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2010-08-16 20:38 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-08-16 20:38 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-08-16 20:38 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-08-16 20:38 . 2008-04-13 17:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys
2010-08-13 01:03 . 2010-08-13 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-13 01:01 . 2010-08-13 01:02 -------- d-----w- c:\program files\QuickTime
2010-08-13 01:00 . 2010-08-13 01:00 -------- d-----w- c:\program files\Apple Software Update
2010-08-13 00:59 . 2010-04-20 01:47 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-08-13 00:58 . 2010-08-13 00:58 -------- d-----w- c:\program files\Bonjour
2010-08-13 00:16 . 2010-08-13 00:16 -------- d-----w- c:\program files\Common Files\Java
2010-08-13 00:16 . 2010-08-13 00:16 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-11 02:24 . 2010-08-11 02:24 0 ----a-w- c:\windows\nsreg.dat
2010-08-11 02:23 . 2010-08-11 02:23 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Mozilla
2010-07-27 06:30 . 2010-07-27 06:30 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 13:47 . 2006-05-05 01:51 43992 ----a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-20 03:03 . 2008-12-14 02:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-19 19:18 . 2008-10-20 16:57 -------- d-----w- c:\program files\Safari
2010-08-19 17:23 . 2009-02-22 16:32 -------- d-----w- c:\program files\BlueRaTech
2010-08-19 17:00 . 2009-02-04 16:54 -------- d-----w- c:\program files\system
2010-08-19 02:56 . 2009-02-06 23:28 -------- d-----w- c:\program files\Trend Micro
2010-08-16 15:27 . 2010-08-16 15:27 388096 ----a-r- c:\documents and settings\Compaq_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-15 18:37 . 2005-12-25 01:31 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AdobeUM
2010-08-13 20:18 . 2005-09-03 00:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-13 13:19 . 2007-07-16 03:07 -------- d-----w- c:\program files\Common Files\Apple
2010-08-13 01:06 . 2005-12-24 04:52 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Apple Computer
2010-08-13 01:05 . 2007-07-16 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-13 00:47 . 2008-07-06 22:55 46 ----a-w- c:\documents and settings\Compaq_Owner\jagex_runescape_preferences.dat
2010-08-13 00:32 . 2010-04-25 13:51 99 ----a-w- c:\documents and settings\Compaq_Owner\jagex_runescape_preferences2.dat
2010-08-13 00:16 . 2010-08-13 00:16 503808 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5403e732-n\msvcp71.dll
2010-08-13 00:16 . 2010-08-13 00:16 499712 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5403e732-n\jmc.dll
2010-08-13 00:16 . 2010-08-13 00:16 348160 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5403e732-n\msvcr71.dll
2010-08-13 00:16 . 2010-08-13 00:16 61440 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-14f2343c-n\decora-sse.dll
2010-08-13 00:16 . 2010-08-13 00:16 12800 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-14f2343c-n\decora-d3d.dll
2010-08-13 00:16 . 2005-09-03 00:22 -------- d-----w- c:\program files\Java
2010-08-12 02:39 . 2006-05-13 02:53 -------- d-----w- c:\program files\Yahoo!
2010-08-12 02:31 . 2005-09-03 01:02 -------- d-----w- c:\program files\Google
2010-08-12 02:31 . 2008-04-02 01:44 -------- d-----w- c:\program files\DVDFab Platinum 4
2010-08-12 02:31 . 2008-04-02 01:44 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Vso
2010-08-12 02:31 . 2008-04-02 01:44 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2010-08-12 02:31 . 2008-04-02 01:44 47360 ----a-w- c:\documents and settings\Compaq_Owner\Application Data\pcouffin.sys
2010-08-12 02:30 . 2005-09-03 00:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-30 12:31 . 2004-08-04 05:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 05:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2010-06-24 12:15 78336 ------w- c:\windows\system32\ieencode.dll
2010-06-23 13:44 . 2004-08-04 05:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 05:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 05:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41 . 2004-08-04 05:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-03 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-01 196608]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-6-8 25214]
Autodetect.lnk - c:\program files\Photolightning\autodetect.exe [2006-3-23 28672]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-9-2 36903]
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex G USB Network Adapter\DynexWCUI.exe [2009-2-23 1462272]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-2-12 1073152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [2/23/2009 5:17 PM 198144]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [5/8/2007 11:56 AM 347648]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\o77z4xn1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BlueRaTech - c:\program files\BlueRaTech\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-20 09:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(2148)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\ALCXMNTR.EXE
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
**************************************************************************
.
Completion time: 2010-08-20 09:20:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-20 14:20
ComboFix2.txt 2010-08-19 17:21

Pre-Run: 112,481,009,664 bytes free
Post-Run: 112,491,798,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4D2C059192277C84E180F1BACE8BB0AA
edttodd
Active Member
 
Posts: 12
Joined: August 16th, 2010, 2:40 pm

Re: Hijackthis log, Please help!

Unread postby DFW » August 20th, 2010, 12:31 pm

Hi edttodd


Open up Hijackthis
Click on do a system scan only.
Place a checkmark next to these lines(if still present)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Then close all windows except Hijackthis and click Fix Checked

Reboot





TFC(Temp File Cleaner)

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.




Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.



Next
Run RSIT

Please note there will be only one log this time.

  • RUN random's system information tool by doulbe clicking on (RSIT)on your desktop
  • Click Continue at the disclaimer screen.
  • Once it has finished, one log will open.
  • Please post the contents into next reply



Postback in this order Please

kaspersky Log
RSIT Log
How is your computer performing now, any further symptoms and or problems encountered?
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 13 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware