
Possible virus?? Suddenly "disabled by administrator"

Unread postby dancingheart714 » April 14th, 2009, 9:39 am

Not sure what is going on w/computer. I all of a sudden have a lot of things that have been "disabled by administrator" e.g. task manager, windows automatic updates. It has all the "feel" of a virus but nothing is showing up when I run AVG. I uninstalled AVG and installed the 30-day trial version of Kaspersky, but it won't install as it continues to say that I still have AVG installed. Thanks for your help! Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:12 AM, on 4/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Pgujixenibekepe] rundll32.exe "C:\WINDOWS\ihokicilucip.dll",e
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [diyogijaha] Rundll32.exe "C:\WINDOWS\system32\wasijimu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [diyogijaha] Rundll32.exe "C:\WINDOWS\system32\wasijimu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2890335158
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8810928609
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://www.shockwave.com/content/luxora ... uncher.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O20 - AppInit_DLLs: eyvnzn.dll c:\windows\,
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9277 bytes
dancingheart714
Regular Member
 
Posts: 16
Joined: December 30th, 2008, 1:03 am
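The HijackThis log above is what a helper reads by eye, and the entries that stand out are the ones the later Malwarebytes scan also names. As an added example (not part of this thread, and not HijackThis's own code), the Python below applies three of the conservative checks a helper makes when triaging O4, O20 and O23 lines: rundll32 loading a DLL that sits directly in the Windows directory, autostart entries written into the LOCAL SERVICE / NETWORK SERVICE profile hives, a non-empty AppInit_DLLs value, and, at lower severity, services whose binary carries no company name. The sample log embedded in it is constructed from entries in the format shown above; the heuristics, severity labels and the `Finding` record are the example's own assumptions, and the script only reports, it changes nothing on the machine.

```python
"""Triage helper for HijackThis v2 'O4' / 'O20' / 'O23' log lines.

Added example, not part of the original thread or of HijackThis itself.
It applies a few explainable heuristics a helper applies by eye when
reading a log; nothing here removes or modifies anything.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_type: str   # "O4", "O20" or "O23"
    item: str        # Run value name, service name, or the AppInit_DLLs value
    severity: str    # "high" (act on it) or "review" (verify by hand first)
    reason: str


# Constructed sample log: benign and suspicious entries mixed, in the exact
# HijackThis v2.0.2 line format used in the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Pgujixenibekepe] rundll32.exe "C:\WINDOWS\ihokicilucip.dll",e
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [diyogijaha] Rundll32.exe "C:\WINDOWS\system32\wasijimu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O20 - AppInit_DLLs: eyvnzn.dll c:\windows\,
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# Line grammars for the three HijackThis sections handled here.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<subkey>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<value>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# "rundll32[.exe] <dll>[,entry]" with or without quotes around the DLL path.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?', re.IGNORECASE)
# A DLL placed directly in the Windows directory, not in system32 or any subfolder.
WINROOT_DLL_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.dll$", re.IGNORECASE)
# Profile hives of the LOCAL SERVICE (S-1-5-19) and NETWORK SERVICE (S-1-5-20) accounts.
SERVICE_ACCOUNT_RE = re.compile(r"\\S-1-5-(19|20)(\\|$)")


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one HijackThis line (empty list if nothing stands out)."""
    findings: list[Finding] = []
    if (m := O4_RE.match(line)):
        name, cmd, hive = m["name"], m["cmd"], m["hive"]
        r = RUNDLL_RE.match(cmd)
        if r and WINROOT_DLL_RE.match(r["dll"]):
            findings.append(Finding("O4", name, "high",
                "rundll32 loads a DLL placed directly in the Windows directory; "
                "vendors install under system32 or Program Files"))
        if SERVICE_ACCOUNT_RE.search(hive):
            findings.append(Finding("O4", name, "high",
                "autostart written into the LOCAL SERVICE / NETWORK SERVICE profile hive; "
                "installers do not normally add per-user Run entries there"))
    elif (m := O20_RE.match(line)):
        if m["value"].strip():
            findings.append(Finding("O20", m["value"].strip(), "high",
                "AppInit_DLLs is non-empty: each listed DLL is loaded into every "
                "process that loads user32.dll"))
    elif (m := O23_RE.match(line)):
        if m["owner"] == "Unknown owner":
            findings.append(Finding("O23", m["name"], "review",
                "no company name could be read from the service binary; "
                "check the file against its vendor before acting"))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of a pasted HijackThis log."""
    out: list[Finding] = []
    for line in log_text.splitlines():
        out.extend(triage_line(line.strip()))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.line_type} {f.item}: {f.reason}")
```

The "review" tier is deliberate: in the log above, "Unknown owner" also appears on StyleXPService and the SecuROM UAService7 service, both legitimate, so that check only points a helper at what to verify, while the three "high" checks match exactly the entries (Pgujixenibekepe, diyogijaha, the AppInit_DLLs value) that the later Malwarebytes scan classifies as Trojan.Agent and Trojan.Vundo.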

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby chryssi2001 » April 25th, 2009, 3:12 am

Hello dancingheart714,

I apologise for the delay; the forum is busy.

If you still need help post a new HijackThis log.

As you are not protected without an Anti-Virus, try to keep this PC away from the Internet as much as you can, until we are able to install an Anti-Virus.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby dancingheart714 » April 25th, 2009, 5:44 pm

thanks for the help - I've noticed how busy the forum is! Here is the new HT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:44 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Pgujixenibekepe] rundll32.exe "C:\WINDOWS\ihokicilucip.dll",e
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [diyogijaha] Rundll32.exe "C:\WINDOWS\system32\wasijimu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [diyogijaha] Rundll32.exe "C:\WINDOWS\system32\wasijimu.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2890335158
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8810928609
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://www.shockwave.com/content/luxora ... uncher.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O20 - AppInit_DLLs: eyvnzn.dll c:\windows\,
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9244 bytes
dancingheart714
Regular Member
 
Posts: 16
Joined: December 30th, 2008, 1:03 am

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby chryssi2001 » April 26th, 2009, 4:40 am

Hello dancingheart714,

I will be assisting you with your malware issues.

  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it as a reference.
  • If you fail to reply within 5 days from now, this thread will close, and you will have to open another topic and wait for another helper.
----------------------------------------------
I have a lot of steps/tasks for you to do. If you have any questions, please come back and ask. Take your time, do everything and post all reports needed.
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check (tick) all items except items in the C:\System Volume Information folder, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
----------------------------------------------
Download and run Combofix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.
Please include the C:\ComboFix.txt and a new HijackThis log, in your next reply for further review.
----------------------------------------------
At this step you will be able to download an Anti-Virus. Make sure your AVG is properly uninstalled, even if it's the one you choose to install again.
You might need to reboot to completely remove it.

UNINSTALL AVG FREE

Please go here and run AVG Remover(32bit).

Now download 1 of the three Anti-Virus programs below, update it, and let it scan your pc and quarantine what it finds.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition
- Free edition of the AVG anti-virus program for Windows.
- Available for single computer use for home and non commercial use.
----------------------------------------------
Rooter.exe

Download Rooter.exe to your desktop.
  • Then double-click it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.
----------------------------------------------
LIST OF PROGRAMS USING HIJACKTHIS
  • Open HijackThis.
  • Click on Open the Misc Tools section.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See this link for details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
----------------------------------------------
Post back:
Malwarebytes' Anti-Malware report.
Combofix report.
Rooter.txt
Programs list.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby dancingheart714 » April 28th, 2009, 7:49 pm

Here are all items asked for:

Malware Log:
Malwarebytes' Anti-Malware 1.36
Database version: 2051
Windows 5.1.2600 Service Pack 3

4/28/2009 8:25:37 AM
mbam-log-2009-04-28 (08-25-37).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 181351
Time elapsed: 1 hour(s), 57 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 13
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\ihokicilucip.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pgujixenibekepe (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\ihokicilucip.dll (Trojan.Agent) -> Delete on reboot.

Combofix Log:
ComboFix 09-04-27.04 - HP_Owner 04/28/2009 9:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.97 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\system
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_NPF
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-28 13:56 . 2009-04-28 13:56 -------- d-----w c:\windows\LastGood
2009-04-14 01:07 . 2009-04-14 01:07 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-04 14:26 . 2009-04-14 01:11 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-04-04 14:26 . 2009-04-14 01:12 -------- d-----w c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 23:02 . 2008-03-29 00:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 14:42 . 2005-11-28 00:47 3798 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-04-17 21:00 . 2009-01-04 17:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-17 21:00 . 2005-09-10 12:37 -------- d-----w c:\program files\Java
2009-04-10 23:45 . 2009-03-17 22:54 0 ----a-w c:\windows\system32\drivers\c6d9c4ce.sys
2009-04-06 19:32 . 2008-08-15 12:48 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-08-15 12:48 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-25 21:33 . 2009-03-25 21:31 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-11 20:41 . 2008-07-03 23:37 34 ----a-w c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2006-02-01 00:29 . 2006-02-01 00:29 774144 ----a-w c:\program files\RngInterstitial.dll
2007-10-22 05:32 . 2007-06-06 19:08 152 --sh--r c:\windows\system32\CDF75E648F.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2004-12-06 49152]
"HP SchedIndexer"="c:\program files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe" [2002-04-22 94208]
"HP AutoIndexer"="c:\program files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe" [2002-04-22 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-04 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-05-26 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP LaserJet Director.lnk - c:\program files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe [2008-5-23 204800]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-17 77824]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"aux"= wdmaud.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134433298\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134433298\\ee\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Small Rockets\\The Red Ace\\RedAce.exe"=
"c:\\Program Files\\Small Rockets\\Red Ace Squadron\\acenet_client_release.exe"=
"c:\\Program Files\\Small Rockets\\Red Ace Squadron\\acenet_server_release.exe"=
"c:\\My Games\\Red Ace Squadron\\acenet_client_release.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\YSFLIGHT.COM\\YSFLIGHT\\fsmaino.exe"=
"c:\\Program Files\\EA Games\\American McGee's Alice Demo\\alice.exe"=
"c:\\My Games\\Red Ace Squadron\\acenet_server_release.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R1 c6d9c4ce;c6d9c4ce;c:\windows\System32\drivers\c6d9c4ce.sys [2009-04-10 0]
R3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2008-04-17 508544]
R3 DrmRVideo32;DrmRVideo32;c:\windows\system32\DRIVERS\DrmRVideo32.sys [2008-04-17 3768]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-04-17 3768]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 SOFTXG;YAMAHA XG SoftSynthesizer; [x]
R4 Viewpoint Manager Service;Viewpoint Manager Service; [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-06-17 55024]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ac0fc1-84c1-11dd-980d-0013d4e3f0ab}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
DPF: Microsoft XML Parser for Java
DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://mycampus.phoenix.edu/secure/PhxStudent15.CAB
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\iygcdld6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8 ... -stage6&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\iygcdld6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 10:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,98,97,22,ec,18,
cb,cf,82,c8,28,51,af,b0,29,a3,98,12,7e,fd,44,df,8b,7d,f1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,bf,d5,56,6a,15,
4b,06,8c,71,3b,04,66,8b,46,0d,96,23,40,ff,48,06,35,7f,23,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,df,64,7d,8d,9c,
b1,f6,28,25,da,ec,7e,55,20,c9,26,ba,17,76,c2,0c,f3,bf,21,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,e9,51,71,22,97,
1b,42,c0,3e,1e,9e,e0,57,5a,93,61,70,64,9e,59,a3,35,0e,09,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,82,8f,36,1a,68,
8c,c2,bd,cd,44,cd,b9,a6,33,6c,cd,43,63,b3,f4,0a,42,93,1f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2f,b2,69,4f,05,
35,f1,b4,b0,18,ed,a7,3f,8d,37,a4,1b,6c,99,4b,6d,a1,97,38,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,5c,31,7f,db,83,
64,60,c8,31,77,e1,ba,b1,f8,68,02,d4,6d,00,e8,c5,0a,a9,97,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ac,b4,c8,01,d4,
e5,92,ad,83,6c,56,8b,a0,85,96,ab,df,88,9f,64,27,a3,1e,da,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,ca,30,08,1f,80,
f5,83,3d,51,fa,6e,91,28,9e,14,cc,17,4f,9b,bb,84,08,30,fe,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,5d,cb,9f,7d,55,
23,a2,59,b1,cd,45,5a,a8,c4,f8,b9,80,79,48,af,30,a9,8b,8c,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,a1,a7,e8,e8,01,
1d,d5,1b,e3,0e,66,d5,eb,bc,2f,6b,6d,4f,5e,05,ea,c4,7b,a9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,ee,fa,f7,53,91,
96,79,dd,fa,ea,66,7f,d4,3b,6b,70,ec,1e,ac,1c,1a,b4,97,3f,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\UAService7.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\hppapml0.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-04-28 10:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 14:55

Pre-Run: 40,124,231,680 bytes free
Post-Run: 39,945,461,760 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=,1,2,3,4,5
255 --- E O F --- 2009-04-28 13:59


Rooter Log:
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:68621 Mo/Free:1208 Mo)
D:\ [Fixed] - FAT32 - (Total:7680 Mo/Free:2133 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
L:\ [Removable] (Total:0 Mo/Free:0 Mo)
M:\ [Removable] (Total:0 Mo/Free:0 Mo)

Tue 04/28/2009|19:40

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\system32\CTsvcCDA.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\UAService7.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
---------- C:\Program Files\Common Files\soft602\pdfSaver.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
---------- C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
---------- C:\WINDOWS\system32\hppapml0.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\WINDOWS\ALCXMNTR.EXE
---------- c:\windows\system\hpsysdrv.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\BNetGatewayEditor.zip
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\Original 1.20 EXE
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\Tracked_by_Demonoid_com.txt
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\War3.exe
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\war3loader.exe
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\Warcraft 3 Frozen Throne Cdkeys.txt
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\WorldEdit.exe
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\No.CD Cracks\AsianLoader1.1.exe
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\No.CD Cracks\No.CD.1.20a.rar
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\No.CD Cracks\war3x no-cd 1.20.zip
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\No.CD Cracks\WARCRAFT.3.THE.FROZEN.THRONE.V1.18.ENG.HOODLUM.NOCD.ZIP
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\No.CD Cracks\Warcraft_III_Roc_&_FT_PvPGN_Loader_v1.2_by_Acid!.rar
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\Original 1.20 EXE\war3.exe
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\Original 1.20 EXE\worldedit.exe
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\Patch 1.18a\War3ROC_118a_English.exe
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\Patch 1.18a\War3TFT_118a_English.exe
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\Patch 1.19\War3TFT_119a_119b_English.exe
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\Patch 1.19\War3TFT_119a_English.exe
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet\Patch 1.20a\War3TFT_120a_English.exe


1 - "C:\Rooter$\Rooter_1.txt" - Tue 04/28/2009|19:41

----------------------\\ Scan completed at 19:41

HT Uninstall List:
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Help Center 2.1
Adobe Photoshop 7.0
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.0
Apple Mobile Device Support
Apple Software Update
Armored Fist 3 (remove only)
Audacity 1.2.6
Bonjour
CCleaner (remove only)
Creative MediaSource 5
Creative System Information
Creative Vienna SoundFont Studio
Creative ZEN Nano Plus
Defraggler (remove only)
Driver Detective
Easy CD-DA Extractor 11
EasyCal -- 1
ebgcInfra
ebgcRes
ebgcSDK
Ficedula DirectMusic plugin for Winamp (remove only)
GdiplusUpgrade
HijackThis 2.0.2
Homeschool Tracker Basic
Homestead SiteBuilder LPX
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Boot Optimizer
HP Imaging Device Functions 7.0
hp LaserJet 3300 Uninstaller
HP Solution Center 7.0
HP Update
ijji Auto Installer
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 13
Macromedia Extension Manager
Macromedia Flash Player 8
Macromedia Shockwave Player
MadeSafe Photopaint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Application Compatibility Toolkit 5.0
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Netflix Movie Viewer
Network Play System (Patching)
OCR Software by I.R.I.S 7.0
Office Suite 2006
Power Tab Editor 1.7
QuickTime
RealArcade
RealPlayer
RTP for RM2K (Png, Wav, Midi, Fonts)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Serif PhotoPlus 6.0
Shockwave
SiS VGA Utilities
StyleXP (remove only)
SUPERAntiSpyware Free Edition
SWiSHmax
Themexp.org File
Updates from HP (remove only)
Wal-Mart Music Downloads Store
Winamp
Windows Genuine Advantage v1.3.0254.0
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
YS FLIGHT SIMULATION SYSTEM 2000
dancingheart714
Regular Member
 
Posts: 16
Joined: December 30th, 2008, 1:03 am

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby chryssi2001 » April 29th, 2009, 7:49 am

Hello dancingheart714,

Upload a File to Jotti
Please visit http://virusscan.jotti.org/

Copy/paste this file and path into the white box at the top:
c:\windows\system32\drivers\c6d9c4ce.sys

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Do the same for this file too:
c:\windows\system32\CDF75E648F.dll
----------------------------------------------
Cracks are illegal and our forum policy says they should be removed.

Please remove:
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet

Then re-run Rooter.exe and post back the report.
Also post Jotti results for both files.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
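
As an added example that is not part of this thread (and not one of the tools used in it): a small Python triage script that reads ComboFix-style "Files Created" and service lines, like those in the log posted above, and flags the two files the helper singled out. The sample lines are copied from the posted log; the heuristics (hex-only file names under system32, zero-byte .sys files, hidden+system attributes, boot/system-start services) are my own assumptions about what makes an entry worth a Jotti upload, not rules from ComboFix.

```python
"""Triage helper for ComboFix-style log lines (added example, not a tool
from the thread).  Parses the "Files Created" lines and the R/S service
lines and reports entries that match a few defender heuristics."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# "Files Created" line:  <created> . <modified> <size|--------> <attrs> <path>
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{7}) (.+)$"
)
# Service line:  R1 name;display name;path [date size]
# ComboFix prefixes R (running) / S (stopped) with the start-type digit;
# lines such as "R3 SOFTXG;YAMAHA XG SoftSynthesizer; [x]" carry no path
# and are deliberately skipped.
SERVICE_LINE = re.compile(
    r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$"
)
# File stem made only of hex digits, 8 or more characters (assumption: such
# names are worth a second look when they sit under system32).
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)

# Constructed sample: lines copied from the posted ComboFix log.
SAMPLE_LOG = r"""
2009-04-17 21:00 . 2009-01-04 17:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-17 21:00 . 2005-09-10 12:37 -------- d-----w c:\program files\Java
2009-04-10 23:45 . 2009-03-17 22:54 0 ----a-w c:\windows\system32\drivers\c6d9c4ce.sys
2009-04-06 19:32 . 2008-08-15 12:48 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2007-10-22 05:32 . 2007-06-06 19:08 152 --sh--r c:\windows\system32\CDF75E648F.dll
R1 c6d9c4ce;c6d9c4ce;c:\windows\System32\drivers\c6d9c4ce.sys [2009-04-10 0]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 SOFTXG;YAMAHA XG SoftSynthesizer; [x]
"""


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories ("--------" size column)
    attrs: str           # e.g. "----a-w", "--sh--r", "d-----w"
    path: str


@dataclass
class ServiceEntry:
    start: str   # "R1", "R3", "S1", ...
    name: str
    path: str
    size: int


def parse_log(text: str) -> tuple[list[FileEntry], list[ServiceEntry]]:
    """Split a log excerpt into file entries and service entries."""
    files: list[FileEntry] = []
    services: list[ServiceEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            size = int(m.group(3)) if m.group(3).isdigit() else None
            files.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
            continue
        m = SERVICE_LINE.match(line)
        if m:
            services.append(ServiceEntry(m.group(1), m.group(2), m.group(4), int(m.group(6))))
    return files, services


def is_hex_name(path: str) -> bool:
    """True when the file name (without extension) is only hex digits."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return bool(HEX_NAME.match(stem))


def triage(text: str) -> dict[str, list[str]]:
    """Map each suspicious path to the list of reasons it was flagged."""
    files, services = parse_log(text)
    # Start type 0/1 = loaded at boot or system start (assumption about the digit).
    early = {s.path.lower() for s in services if s.start[1] in "01"}
    findings: dict[str, list[str]] = {}
    for f in files:
        low = f.path.lower()
        in_sys32 = "\\windows\\system32\\" in low
        reasons: list[str] = []
        if in_sys32 and is_hex_name(low):
            reasons.append("hex-looking file name in system32")
        if f.size == 0 and low.endswith(".sys"):
            reasons.append("zero-byte driver file")
        # Attribute columns as seen in the posted log: index 2 = s, index 3 = h.
        if in_sys32 and f.attrs[2] == "s" and f.attrs[3] == "h":
            reasons.append(f"hidden+system attributes ({f.attrs})")
        if low in early:
            reasons.append("registered as a boot/system-start service")
        if reasons:
            findings[f.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Jotti's "0 bytes" reply for c6d9c4ce.sys agrees with the size column in the log; the script surfaces that before any upload is attempted.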

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby dancingheart714 » April 29th, 2009, 12:45 pm

The first file gave me: The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

Results for second file:
Scanner results
Scan taken on 29 Apr 2009 16:37:19 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Rooter:
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:68621 Mo/Free:849 Mo)
D:\ [Fixed] - FAT32 - (Total:7680 Mo/Free:2133 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)
L:\ [Removable] (Total:0 Mo/Free:0 Mo)
M:\ [Removable] (Total:0 Mo/Free:0 Mo)

Wed 04/29/2009|12:43

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\system32\CTsvcCDA.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\UAService7.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
---------- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
---------- C:\Program Files\Common Files\soft602\pdfSaver.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
---------- C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
---------- C:\Program Files\Messenger\msmsgs.exe
---------- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\system32\hppapml0.exe
---------- C:\WINDOWS\ALCXMNTR.EXE
---------- c:\windows\system\hpsysdrv.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Software602\602Pro PC SUITE\602Text\exec\602TEXT.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 04/28/2009|19:41
2 - "C:\Rooter$\Rooter_2.txt" - Wed 04/29/2009|12:44

----------------------\\ Scan completed at 12:44
dancingheart714
Regular Member
 
Posts: 16
Joined: December 30th, 2008, 1:03 am

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby chryssi2001 » April 29th, 2009, 2:50 pm

Hello dancingheart714,

Thank you for the Jotti results and the report.

Can you also post a new HijackThis log?
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby dancingheart714 » April 30th, 2009, 9:45 pm

Sorry about that - here's the HT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:07 PM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2890335158
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8810928609
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://www.shockwave.com/content/luxora ... uncher.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8527 bytes
dancingheart714
Regular Member
 
Posts: 16
Joined: December 30th, 2008, 1:03 am

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby chryssi2001 » May 1st, 2009, 2:27 am

Hello dancingheart714,

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    http://malwareremoval.com/forum/viewtopic.php?f=11&t=41890&p=432582#p432582
    
    Collect::
    c:\windows\system32\drivers\c6d9c4ce.sys
    
    Folder::
    c:\Program Files\Java\jre1.6.0_03
    C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet
    
    Driver::
    c6d9c4ce
    Viewpoint Manager Service
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=-
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------------------------------------------
Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
----------------------------------------------
Post back:
Combofix report.
Kaspersky report.
A new HijackThis log.
Tell me how the pc is running now.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
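As an added example (not from this thread and not ComboFix's own code), a small Python parser for the CFScript format used in the reply above: it splits the script into its `::` sections, decodes the .reg-style Registry:: lines (where `"name"=-` means delete the value), and refuses Folder:: targets that are relative or name a protected root. The sample script is the one from the reply; the protected-root list is my own assumption, not a ComboFix rule.

```python
"""Parser and sanity checker for a ComboFix CFScript such as the one above.

Section headers are a word followed by '::' (Collect::, Folder::, Driver::,
Registry::).  Registry:: bodies use .reg syntax: a [key] line followed by
"name"=data lines, where "name"=- deletes the value and [-key] deletes a key.
Anything before the first header (here the forum thread URL) is a preamble.
"""
import re
from collections import OrderedDict

# The script from the reply above, embedded verbatim as sample input.
SAMPLE_CFSCRIPT = r"""http://malwareremoval.com/forum/viewtopic.php?f=11&t=41890&p=432582#p432582

Collect::
c:\windows\system32\drivers\c6d9c4ce.sys

Folder::
c:\Program Files\Java\jre1.6.0_03
C:\DOCUME~1\HP_Owner\My Documents\Downloads\Warcraft 3.ReignOfChaosISO.FrozenThroneISO.Patch1.1-18.20a.NO-CDCrack.PVPGNBattlenet

Driver::
c6d9c4ce
Viewpoint Manager Service

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=-
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
REG_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')

# Assumed guard list: a Folder:: line naming one of these would delete the OS
# or every installed program, so it is rejected before the script goes anywhere.
PROTECTED_ROOTS = {
    "c:", "c:\\windows", "c:\\windows\\system32",
    "c:\\program files", "c:\\documents and settings",
}


def parse_registry(lines):
    """Turn .reg-style lines into (key, action, value_name) tuples."""
    ops, key = [], None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(2)          # the HKLM\~\... shorthand is kept verbatim
            if m.group(1) == "-":
                ops.append((key, "delete_key", None))
            continue
        m = REG_VALUE_RE.match(line)
        if m and key is not None:
            name, data = m.group(1), m.group(2)
            name = name.replace("\\\\", "\\")   # .reg doubles backslashes in names
            action = "delete_value" if data == "-" else "set_value"
            ops.append((key, action, name))
    return ops


def parse_cfscript(text):
    """Split a CFScript into its '::' sections; decode Registry:: when present."""
    plan = {"preamble": [], "sections": OrderedDict(), "registry": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            plan["sections"].setdefault(current, [])
        elif current is None:
            plan["preamble"].append(line)
        else:
            plan["sections"][current].append(line)
    plan["registry"] = parse_registry(plan["sections"].get("Registry", []))
    return plan


def check_folders(plan):
    """Return (path, reason) for Folder:: targets that must not be deleted."""
    bad = []
    for path in plan["sections"].get("Folder", []):
        norm = path.lower().rstrip("\\")
        if not re.match(r"^[a-z]:(\\|$)", norm):
            bad.append((path, "not an absolute path"))
        elif norm in PROTECTED_ROOTS:
            bad.append((path, "protected root"))
    return bad


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_CFSCRIPT)
    for name, entries in plan["sections"].items():
        print(f"{name}: {len(entries)} line(s)")
    for key, action, value in plan["registry"]:
        print(f"  {action}: {value} under {key}")
    print("unsafe folders:", check_folders(plan) or "none")
```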

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby dancingheart714 » May 4th, 2009, 2:22 pm

ComboFix Report:
ComboFix 09-04-27.04 - HP_Owner 05/04/2009 7:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.56 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Java\jre1.6.0_03
c:\program files\Java\jre1.6.0_03\lib\zi\Etc\UCT
c:\program files\Java\jre1.6.0_03\lib\zi\Etc\UTC
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Amsterdam
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Andorra
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Athens
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Belgrade
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Berlin
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Brussels
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Bucharest
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Budapest
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Chisinau
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Copenhagen
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Dublin
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Gibraltar
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Helsinki
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Istanbul
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Kaliningrad
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Kiev
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Lisbon
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\London
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Luxembourg
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Madrid
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Malta
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Minsk
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Monaco
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Moscow
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Oslo
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Paris
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Prague
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Riga
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Rome
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Samara
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Simferopol
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Sofia
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Stockholm
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Tallinn
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Tirane
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Uzhgorod
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Vaduz
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Vienna
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Vilnius
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Volgograd
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Warsaw
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Zaporozhye
c:\program files\Java\jre1.6.0_03\lib\zi\Europe\Zurich
c:\program files\Java\jre1.6.0_03\lib\zi\GMT
c:\program files\Java\jre1.6.0_03\lib\zi\HST
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Antananarivo
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Chagos
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Christmas
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Cocos
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Comoro
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Kerguelen
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Mahe
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Maldives
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Mauritius
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Mayotte
c:\program files\Java\jre1.6.0_03\lib\zi\Indian\Reunion
c:\program files\Java\jre1.6.0_03\lib\zi\MET
c:\program files\Java\jre1.6.0_03\lib\zi\MST
c:\program files\Java\jre1.6.0_03\lib\zi\MST7MDT
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Apia
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Auckland
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Chatham
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Easter
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Efate
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Enderbury
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Fakaofo
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Fiji
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Funafuti
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Galapagos
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Gambier
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Guadalcanal
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Guam
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Honolulu
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Johnston
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Kiritimati
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Kosrae
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Kwajalein
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Majuro
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Marquesas
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Midway
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Nauru
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Niue
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Norfolk
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Noumea
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Pago_Pago
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Palau
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Pitcairn
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Ponape
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Port_Moresby
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Rarotonga
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Saipan
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Tahiti
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Tarawa
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Tongatapu
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Truk
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Wake
c:\program files\Java\jre1.6.0_03\lib\zi\Pacific\Wallis
c:\program files\Java\jre1.6.0_03\lib\zi\PST8PDT
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\AST4
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\AST4ADT
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\CST6
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\CST6CDT
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\EST5
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\EST5EDT
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\HST10
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\MST7
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\MST7MDT
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\PST8
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\PST8PDT
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\YST9
c:\program files\Java\jre1.6.0_03\lib\zi\SystemV\YST9YDT
c:\program files\Java\jre1.6.0_03\lib\zi\WET
c:\program files\Java\jre1.6.0_03\lib\zi\ZoneInfoMappings
c:\program files\Java\jre1.6.0_03\LICENSE
c:\program files\Java\jre1.6.0_03\LICENSE.rtf
c:\program files\Java\jre1.6.0_03\LICENSE_de.rtf
c:\program files\Java\jre1.6.0_03\LICENSE_es.rtf
c:\program files\Java\jre1.6.0_03\LICENSE_fr.rtf
c:\program files\Java\jre1.6.0_03\LICENSE_it.rtf
c:\program files\Java\jre1.6.0_03\LICENSE_ja.rtf
c:\program files\Java\jre1.6.0_03\LICENSE_ko.rtf
c:\program files\Java\jre1.6.0_03\LICENSE_sv.rtf
c:\program files\Java\jre1.6.0_03\LICENSE_zh_CN.rtf
c:\program files\Java\jre1.6.0_03\LICENSE_zh_TW.rtf
c:\program files\Java\jre1.6.0_03\README.txt
c:\program files\Java\jre1.6.0_03\THIRDPARTYLICENSEREADME.txt
c:\program files\Java\jre1.6.0_03\Welcome.html
c:\windows\system32\drivers\c6d9c4ce.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_c6d9c4ce
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-5-4 )))))))))))))))))))))))))))))))
.

2009-04-28 23:40 . 2009-04-29 16:44 -------- d-----w C:\Rooter$
2009-04-28 13:57 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-28 13:57 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-28 13:57 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-28 13:57 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-28 13:57 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-28 13:57 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-28 13:57 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-28 13:57 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-28 13:57 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-28 13:56 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-28 13:56 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 01:07 . 2009-04-14 01:07 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-04 14:26 . 2009-04-14 01:11 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-04-04 14:26 . 2009-04-14 01:12 -------- d-----w c:\documents and settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 12:02 . 2005-09-10 12:37 -------- d-----w c:\program files\Java
2009-04-27 23:02 . 2008-03-29 00:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 14:42 . 2005-11-28 00:47 3798 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-04-17 21:00 . 2009-01-04 17:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-06 19:32 . 2008-08-15 12:48 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-08-15 12:48 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-25 21:33 . 2009-03-25 21:31 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-11 20:41 . 2008-07-03 23:37 34 ----a-w c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2009-02-03 16:54 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 19:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2004-08-04 19:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-04 19:00 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-04 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2006-02-01 00:29 . 2006-02-01 00:29 774144 ----a-w c:\program files\RngInterstitial.dll
2007-10-22 05:32 . 2007-06-06 19:08 152 --sh--r c:\windows\system32\CDF75E648F.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-28_14.46.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-04 12:08 . 2009-05-04 12:08 16384 c:\windows\TEMP\Perflib_Perfdata_310.dat
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
+ 2005-06-25 05:43 . 2009-04-29 07:17 72680 c:\windows\system32\perfc009.dat
- 2005-06-25 05:43 . 2009-03-12 07:12 72680 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 12:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2006-11-08 02:03 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
- 2006-11-07 08:26 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 08:26 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 16:58 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 16:58 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2004-08-04 12:00 . 2009-02-06 10:39 35328 c:\windows\system32\dllcache\sc.exe
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2007-05-09 22:40 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-05-09 22:40 . 2008-12-20 23:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-05-09 22:40 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-05-09 22:40 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-03 16:54 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-03 16:54 . 2007-08-13 22:45 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2008-12-19 09:10 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04 . 2008-12-20 23:15 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-20 10:04 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-08-21 02:25 . 2007-04-02 18:26 19456 c:\windows\system32\dllcache\agt040d.dll
+ 2008-08-21 02:25 . 2007-04-02 18:25 19456 c:\windows\system32\dllcache\agt0401.dll
+ 2008-08-21 02:25 . 2007-04-02 18:26 19456 c:\windows\msagent\intl\agt040d.dll
+ 2008-08-21 02:25 . 2007-04-02 18:25 19456 c:\windows\msagent\intl\agt0401.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-29 07:05 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-29 07:05 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-29 07:05 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-29 07:05 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-29 07:05 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2008-08-21 02:28 . 2008-04-14 00:09 6144 c:\windows\system32\dllcache\kbdpash.dll
+ 2008-08-21 02:28 . 2008-04-14 00:09 6144 c:\windows\system32\dllcache\kbdnepr.dll
+ 2004-08-04 12:00 . 2008-04-14 00:09 6656 c:\windows\system32\dllcache\kbdinmal.dll
+ 2004-08-04 12:00 . 2008-04-14 00:09 6144 c:\windows\system32\dllcache\kbdinben.dll
+ 2004-08-04 12:00 . 2008-04-14 00:09 6144 c:\windows\system32\dllcache\kbdinbe1.dll
+ 2004-08-04 12:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-08-04 12:00 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-08-04 12:00 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2005-06-25 05:43 . 2009-03-12 07:12 445152 c:\windows\system32\perfh009.dat
+ 2005-06-25 05:43 . 2009-04-29 07:17 445152 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
+ 2006-11-08 02:03 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
- 2006-11-08 02:03 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-04 12:00 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-04 12:00 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-04 12:00 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2004-08-04 12:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2004-08-04 12:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2006-10-17 16:57 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 16:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2006-10-17 16:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
- 2004-08-04 12:00 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 826368 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 22:40 . 2008-12-20 23:15 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-09 22:40 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2004-08-04 12:00 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-09 22:40 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-05-09 22:40 . 2008-12-20 23:15 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-05-09 22:40 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-29 07:05 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-29 07:05 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-29 07:05 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-29 07:05 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-29 07:05 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-29 07:05 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
+ 2004-08-04 12:00 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2006-11-08 02:03 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2006-09-06 04:01 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
- 2006-09-06 04:01 . 2007-04-17 09:28 2455488 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 12:00 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 12:00 . 2008-12-20 23:15 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-15 11:23 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 11:22 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 11:22 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-10-15 11:22 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 11:22 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 11:23 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-15 11:23 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 12:00 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 22:40 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-09 22:40 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
- 2007-05-09 22:40 . 2007-04-17 09:28 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-04-29 07:05 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-29 07:05 . 2009-01-17 02:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-29 07:05 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-29 07:05 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2008-10-15 11:23 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 11:22 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 11:22 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 11:22 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 11:22 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 11:23 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-15 11:23 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-28 13:55 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2004-12-06 49152]
"HP SchedIndexer"="c:\program files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe" [2002-04-22 94208]
"HP AutoIndexer"="c:\program files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe" [2002-04-22 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-04 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-05-26 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP LaserJet Director.lnk - c:\program files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe [2008-5-23 204800]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-17 77824]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"aux"= wdmaud.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134433298\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134433298\\ee\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Small Rockets\\The Red Ace\\RedAce.exe"=
"c:\\Program Files\\Small Rockets\\Red Ace Squadron\\acenet_client_release.exe"=
"c:\\Program Files\\Small Rockets\\Red Ace Squadron\\acenet_server_release.exe"=
"c:\\My Games\\Red Ace Squadron\\acenet_client_release.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\YSFLIGHT.COM\\YSFLIGHT\\fsmaino.exe"=
"c:\\Program Files\\EA Games\\American McGee's Alice Demo\\alice.exe"=
"c:\\My Games\\Red Ace Squadron\\acenet_server_release.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [2008-04-17 508544]
R3 DrmRVideo32;DrmRVideo32;c:\windows\system32\DRIVERS\DrmRVideo32.sys [2008-04-17 3768]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-04-17 3768]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 SOFTXG;YAMAHA XG SoftSynthesizer; [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-06-17 55024]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ac0fc1-84c1-11dd-980d-0013d4e3f0ab}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
DPF: Microsoft XML Parser for Java
DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://mycampus.phoenix.edu/secure/PhxStudent15.CAB
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\iygcdld6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8 ... -stage6&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\iygcdld6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 08:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,98,97,22,ec,18,
cb,cf,82,c8,28,51,af,b0,29,a3,98,12,7e,fd,44,df,8b,7d,f1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,bf,d5,56,6a,15,
4b,06,8c,71,3b,04,66,8b,46,0d,96,23,40,ff,48,06,35,7f,23,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,df,64,7d,8d,9c,
b1,f6,28,25,da,ec,7e,55,20,c9,26,ba,17,76,c2,0c,f3,bf,21,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,e9,51,71,22,97,
1b,42,c0,3e,1e,9e,e0,57,5a,93,61,70,64,9e,59,a3,35,0e,09,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,82,8f,36,1a,68,
8c,c2,bd,cd,44,cd,b9,a6,33,6c,cd,43,63,b3,f4,0a,42,93,1f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,2f,b2,69,4f,05,
35,f1,b4,b0,18,ed,a7,3f,8d,37,a4,1b,6c,99,4b,6d,a1,97,38,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,5c,31,7f,db,83,
64,60,c8,31,77,e1,ba,b1,f8,68,02,d4,6d,00,e8,c5,0a,a9,97,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ac,b4,c8,01,d4,
e5,92,ad,83,6c,56,8b,a0,85,96,ab,df,88,9f,64,27,a3,1e,da,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,ca,30,08,1f,80,
f5,83,3d,51,fa,6e,91,28,9e,14,cc,17,4f,9b,bb,84,08,30,fe,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,5d,cb,9f,7d,55,
23,a2,59,b1,cd,45,5a,a8,c4,f8,b9,80,79,48,af,30,a9,8b,8c,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,a1,a7,e8,e8,01,
1d,d5,1b,e3,0e,66,d5,eb,bc,2f,6b,6d,4f,5e,05,ea,c4,7b,a9,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,ee,fa,f7,53,91,
96,79,dd,fa,ea,66,7f,d4,3b,6b,70,ec,1e,ac,1c,1a,b4,97,3f,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4064)
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\UAService7.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\hppapml0.exe
.
**************************************************************************
.
Completion time: 2009-05-04 8:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 12:18
ComboFix2.txt 2009-04-28 14:56

Pre-Run: 42,401,988,608 bytes free
Post-Run: 42,912,223,232 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=,1,2,3,4,5
1084 --- E O F --- 2009-04-29 07:06

HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:16 PM, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2890335158
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8810928609
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://www.shockwave.com/content/luxora ... uncher.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9500 bytes

Kaspersky: Still won't let me run it. It says "Starting Java applet has failed. Please use this program online."

How PC is running now: We no longer have the "disabled by administrator" boxes coming up, automatic updates are now running. I received a letter from our internet provider (Charter Communications) about 4 days ago warning me that spam was being sent from our account - apparently an e-mail address I have with them that I don't even use - so I'm not sure how to know if that has ceased. Any advice on that??
dancingheart714
Regular Member
 
Posts: 16
Joined: December 30th, 2008, 1:03 am

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby chryssi2001 » May 5th, 2009, 11:43 am

Hello dancingheart714,

Kaspersky: Still won't let me run it. It says "Starting Java applet has failed. Please use this program online."

Ok, I suppose you used Internet Explorer for that, as I can't see any other browser.
We'll run another scanner.

How PC is running now: We no longer have the "disabled by administrator" boxes coming up, automatic updates are now running.

Nice. :)

I received a letter from our internet provider (Charter Communications) about 4 days ago warning me that spam was being sent from our account - apparently an e-mail address I have with them that I don't even use - so I'm not sure how to know if that has ceased. Any advice on that??

This may have happened due to the infections. Can you contact them and ask them?
I believe those should have stopped by now.
----------------------------------------------
BitDefender Online Scan

Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html

Under SCANNING OPTIONS, use the following Settings:
  • Action options - Report only
  • Second option - Report only
Once finished, click on "Click here to export the scan results"

Save the report to your desktop, then post those results in your next reply.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby dancingheart714 » May 8th, 2009, 10:24 am

I had some trouble getting this to run, and it didn't show me the type of box that you indicated - however, here is the report that it gave me after running:

BitDefender Online Scanner
Scan report generated at: Thu, May 07, 2009 - 22:30:47

Scan path: C:\;D:\;E:\;I:\;J:\;L:\;M:\;
Statistics
Time
02:56:39
Files
399600
Folders
9978
Boot Sectors
0
Archives
16559
Packed Files
17920

Results
Identified Viruses
2
Infected Files
2
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
2

Engines Info
Virus Definitions
2902156
Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins
17

Archive plugins
45

Unpack plugins
7

E-mail plugins
6

System plugins
4

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes


Scanned File
Status

C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1337\A0340956.dll
Infected with: Trojan.Generic.1569372

C:\System Volume Information\_restore{A2578CBA-012A-4EE9-9E3D-27D3F494A2B6}\RP1337\A0340956.dll
Deleted

D:\I386\Apps\APP01599\src\install\Worldwide-HP\games\{46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1}.exe=>(NSIS o)=>lzma_solid_nsis0001
Infected with: Dropped:Generic.PWS.Games.4.ECF6104A

D:\I386\Apps\APP01599\src\install\Worldwide-HP\games\{46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1}.exe=>(NSIS o)=>lzma_solid_nsis0001
Disinfection failed

D:\I386\Apps\APP01599\src\install\Worldwide-HP\games\{46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1}.exe=>(NSIS o)=>lzma_solid_nsis0001
Deleted

D:\I386\Apps\APP01599\src\install\Worldwide-HP\games\{46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1}.exe=>(NSIS o)
Update failed


I've still got some stuff going on that I can't seem to fix - my son uses an OLS system for his schooling and when we try to log in it keeps telling us we need to install a new version of flash - over and over, even after installing it (which I think is working) the flash shows up in the list of enabled add-ons but it doesn't appear to be recognizing it. And I can't get mozilla browser to work at all.
dancingheart714
Regular Member
 
Posts: 16
Joined: December 30th, 2008, 1:03 am

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby chryssi2001 » May 8th, 2009, 12:42 pm

Hello dancingheart714,

I all of a sudden have a lot of things that have been "disabled by administrator" e.g. task manager, windows automatic updates. It has all the "feel" of a virus but nothing is showing up when I run AVG. I uni-installed AVG and installed the 30-day trial version of Kaspersky, but it won't install as it continues to say that I still AVG installed.

These are the problems you had when you posted. Do Task Manager and Windows Automatic Updates work now?

Please go to my post here and install an Anti-Virus. You failed to do so. Let me know if it installs properly, update it and run it. Set it to update and scan your PC daily.

What is your D:\ Drive?

D:\I386\Apps\APP01599\src\install\Worldwide-HP\games\{46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1}.exe=>(NSIS o)=>lzma_solid_nsis0001

Can you go manually and see if the red part is still there? If yes, remove it.

I've still got some stuff going on that I can't seem to fix - my son uses an OLS system for his schooling and when we try to log in it keeps telling us we need to install a new version of flash - over and over, even after installing it (which I think is working) the flash shows up in the list of enabled add-ons but it doesn't appear to be recognizing it. And I can't get mozilla browser to work at all.

Which is your son's program? Can you tell me which one it is and if it exists in the programs list you posted?
----------------------------------------------
COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------------------------------------------
Post back:
Combofix report. After Combofix finishes and creates the report, kindly try to log in to your son's school program. Let me know if it works.
A new HijackThis log.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
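As an added example (not from this thread, and not ComboFix's own code), here is a small Python parser for the LOCKED REGISTRY KEYS section of a ComboFix log as it appears above. It pulls out each locked key with its values, flags the pattern the helper's script targets (an InprocServer32 key that ComboFix could not open, whose default value points at OLE32.DLL and which carries a value with a 32-character hex name), and emits the same RegNull:: CFScript lines. The section header and value-line formats are assumed from the log pasted in this thread; the sample input is constructed from its first two entries, and the function names are my own.

```python
import re

# Constructed sample input: two entries written in the format ComboFix uses
# for its "LOCKED REGISTRY KEYS" section (CLSIDs and hex blobs copied from the
# first two entries of the thread's log; the blobs are truncated as in the log).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,98,97,22,ec,18,
cb,cf,82,c8,28,51,af,b0,29,a3,98,12,7e,fd,44,df,8b,7d,f1,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,bf,d5,56,6a,15,
4b,06,8c,71,3b,04,66,8b,46,0d,96,23,40,ff,48,06,35,7f,23,6a,9c,d6,61,af,45,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

SECTION_RE = re.compile(r"^-+ LOCKED REGISTRY KEYS -+$")   # section header (assumed format)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                # [HKEY_...\InprocServer32*]
VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')          # "name"=data  or  @=data
HEX_NAME_RE = re.compile(r"^[0-9a-f]{32}$")                # 32-hex-char value name
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_locked_keys(log_text):
    """Return a list of {'key': str, 'values': {name: data}} for every key in the
    LOCKED REGISTRY KEYS section. The section ends at the next dashed header.
    Hex continuation lines (no leading quote or @) are ignored on purpose."""
    entries, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not in_section:
            in_section = bool(SECTION_RE.match(line))
            continue
        if line.startswith("---"):          # next section header: stop
            break
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group(1), "values": {}}
            entries.append(current)
            continue
        m = VALUE_RE.match(line) if current is not None else None
        if m:
            name = m.group(1) if m.group(1) is not None else "@"
            current["values"][name] = m.group(2)
    return entries


def clsid_of(entry):
    """Extract the {GUID} from the key path, or None if the key has none."""
    m = CLSID_RE.search(entry["key"])
    return m.group(0) if m else None


def is_suspicious(entry):
    """The pattern seen in the thread's log: locked InprocServer32 key whose
    default points at OLE32.DLL and that carries a 32-hex-char value name."""
    default = entry["values"].get("@", "").lower()
    has_hex_name = any(HEX_NAME_RE.match(n) for n in entry["values"])
    return default.endswith('ole32.dll"') and has_hex_name


def build_regnull_script(entries):
    """Emit the CFScript text (RegNull:: directive followed by one bracketed key
    per flagged entry), matching the script the helper posted above."""
    lines = ["RegNull::"]
    lines += ["[%s]" % e["key"] for e in entries if is_suspicious(e)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_locked_keys(SAMPLE_LOG)
    for e in found:
        print(clsid_of(e), "flagged" if is_suspicious(e) else "review manually")
    print(build_regnull_script(found))
```

Run it against a full ComboFix log by passing the file contents to parse_locked_keys instead of SAMPLE_LOG; anything the parser does not flag still deserves a manual look, since the flag only encodes the one pattern visible in this thread.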

Re: Possible virus?? Suddenly "disabled by administrator"

Unread postby dancingheart714 » May 8th, 2009, 8:28 pm

These are the problems you had when you posted. Do Task Manager and Windows Automatic Updates work now? Yes, both of those items are running correctly

Please go to my post here and install an Anti-Virus. You failed to do so. Let me know if it installs properly, update it and run it. Set it to update and scan your PC daily. I have been running AVG - not sure why it doesn't show in the list

What is your D:\ Drive? There was a game in the CD drive - removed it

Which is your son's program? Can you tell me which one it is and if it exists in the programs list you posted?
It's not run from a program - it appears to be a problem with either Adobe flash player, it keeps telling me it's not installed but when I download it from their site it says the download has been completed - or it's because the browser isn't allowing the pop-up boxes that the site needs, but I can't find anywhere where pop-ups are disabled

New HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:28 PM, on 5/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d ... o-eula.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2890335158
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8810928609
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - http://www.shockwave.com/content/luxora ... uncher.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 9374 bytes

New ComboFix log:
ComboFix 09-05-08.03 - HP_Owner 05/08/2009 18:16.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.115 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.

2009-05-07 12:40 . 2009-05-08 13:10 -------- d-----w c:\windows\BDOSCAN8
2009-05-04 12:34 . 2009-05-08 12:30 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-04 12:34 . 2009-05-08 12:29 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-04 12:34 . 2009-05-08 12:29 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-04 12:34 . 2009-05-08 14:32 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-04 12:33 . 2009-05-04 12:33 -------- d-----w c:\program files\AVG
2009-05-04 12:33 . 2009-05-08 22:05 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-28 23:40 . 2009-04-29 16:44 -------- d-----w C:\Rooter$
2009-04-28 13:57 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-28 13:57 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-28 13:57 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-28 13:57 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-28 13:57 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-28 13:57 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-28 13:57 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-28 13:57 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-28 13:57 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-28 13:56 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-28 13:56 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 01:07 . 2009-04-14 01:07 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 14:00 . 2006-08-02 03:11 -------- d-----w c:\program files\Small Rockets
2009-05-08 13:41 . 2008-03-25 21:21 -------- d-----w c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-05-08 13:41 . 2008-03-29 04:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-08 13:41 . 2008-03-25 21:21 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-08 13:40 . 2005-09-10 12:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-08 13:40 . 2006-01-08 23:27 -------- d-----w c:\program files\Serif
2009-05-08 13:34 . 2007-05-19 16:59 -------- d-----w c:\program files\MadeSafe Office
2009-05-04 12:02 . 2005-09-10 12:37 -------- d-----w c:\program files\Java
2009-04-27 23:02 . 2008-03-29 00:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-22 14:42 . 2005-11-28 00:47 3798 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2009-04-17 21:00 . 2009-01-04 17:59 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-06 19:32 . 2008-08-15 12:48 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-08-15 12:48 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-25 21:33 . 2009-03-25 21:31 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-11 20:41 . 2008-07-03 23:37 34 ----a-w c:\documents and settings\HP_Owner\jagex_runescape_preferences.dat
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2009-02-03 16:54 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 19:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2006-02-01 00:29 . 2006-02-01 00:29 774144 ----a-w c:\program files\RngInterstitial.dll
2007-10-22 05:32 . 2007-06-06 19:08 152 --sh--r c:\windows\system32\CDF75E648F.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-05-04_12.09.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-08 17:08 . 2009-05-08 17:08 16384 c:\windows\TEMP\Perflib_Perfdata_1c4.dat
+ 2009-05-04 12:34 . 2009-05-08 12:29 27784 c:\windows\system32\drivers\avgmfx86.sys
+ 2008-01-09 19:01 . 2008-01-09 19:01 53248 c:\windows\Downloaded Program Files\ipsupd.dll
+ 2008-01-09 19:01 . 2008-01-09 19:01 53248 c:\windows\bdoscandel.exe
+ 2009-05-07 12:41 . 2009-05-07 12:41 86016 c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 19:01 . 2008-01-09 19:01 53248 c:\windows\BDOSCAN8\ipsupd.dll
+ 2009-05-07 12:41 . 2009-05-07 12:41 27136 c:\windows\BDOSCAN8\avxt.dll
+ 2009-05-07 12:41 . 2009-05-07 12:41 10240 c:\windows\BDOSCAN8\avxs.dll
+ 2009-05-07 12:41 . 2009-05-07 12:41 45056 c:\windows\BDOSCAN8\avxdisk.dll
+ 2009-02-03 02:07 . 2009-02-03 02:07 240544 c:\windows\system32\Macromed\Flash\FlashUtil10b.exe
+ 2008-01-09 19:01 . 2008-01-09 19:01 118784 c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 19:01 . 2008-01-09 19:01 118784 c:\windows\BDOSCAN8\bdupd.dll
+ 2009-02-02 22:07 . 2009-02-02 22:07 1914440 c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"pdfSaver3"="c:\program files\PDF\pdfSaver\pdfSaver3.exe" [2004-05-19 385024]
"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"602PC SUITE PDF Saver"="c:\program files\Common Files\soft602\pdfSaver.exe" [2004-12-06 49152]
"HP SchedIndexer"="c:\program files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe" [2002-04-22 94208]
"HP AutoIndexer"="c:\program files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe" [2002-04-22 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-04 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-17 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-05-26 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP LaserJet Director.lnk - c:\program files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe [2008-5-23 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 12:30 11952 ----a-w c:\windows\system32\avgrsstx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"aux"= wdmaud.sys

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134433298\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134433298\\ee\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Small Rockets\\Red Ace Squadron\\acenet_client_release.exe"=
"c:\\Program Files\\Small Rockets\\Red Ace Squadron\\acenet_server_release.exe"=
"c:\\My Games\\Red Ace Squadron\\acenet_client_release.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\EA Games\\American McGee's Alice Demo\\alice.exe"=
"c:\\My Games\\Red Ace Squadron\\acenet_server_release.exe"=
"c:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/4/2009 8:34 AM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/4/2009 8:34 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [5/4/2009 8:33 AM 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/4/2009 8:33 AM 298776]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 DrmRDriverV32;DrmRDriverV32;c:\windows\system32\drivers\DrmRDriverV32.sys [4/18/2008 4:48 PM 508544]
S3 DrmRVideo32;DrmRVideo32;c:\windows\system32\drivers\DrmRVideo32.sys [4/18/2008 4:48 PM 3768]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [4/18/2008 2:05 PM 3768]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SOFTXG;YAMAHA XG SoftSynthesizer;c:\windows\system32\drivers\sxgxgwdm.sys --> c:\windows\system32\drivers\sxgxgwdm.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65ac0fc1-84c1-11dd-980d-0013d4e3f0ab}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflame.cc\ssl-hints
DPF: Microsoft XML Parser for Java
DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://mycampus.phoenix.edu/secure/PhxStudent15.CAB
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\iygcdld6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8 ... -stage6&p=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\iygcdld6.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npigl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 18:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-08 18:25
ComboFix-quarantined-files.txt 2009-05-08 22:24
ComboFix2.txt 2009-05-04 12:18
ComboFix3.txt 2009-04-28 14:56

Pre-Run: 43,060,969,472 bytes free
Post-Run: 43,046,440,960 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=,1,2,3,4,5
213 --- E O F --- 2009-04-29 07:06
dancingheart714
Regular Member
 
Posts: 16
Joined: December 30th, 2008, 1:03 am
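The HijackThis and ComboFix output above is what a helper reads by hand, line by line. As an added example that is not part of the original post and is not code from HijackThis, ComboFix or this forum, the Python script below parses the HijackThis line shapes that appear in this log (O2 BHOs, O4 Run entries, O23 services) plus O7 policy lines, and applies the triage heuristics a helper applies by eye: a service with no publisher string, an autorun that launches from a user-writable profile or temp directory, a system-process name outside its normal location, and any O7 policy restriction. O7 is the section where HijackThis reports Policies\System restrictions such as DisableRegedit; the Task Manager lock-out the poster described is DisableTaskMgr under the same key. The sample lines are constructed in the style of the log above, the Temp\svchost.exe autorun and the O7 line are invented to make the rules fire (the posted log contains no O7 entry), the O7 line format is assumed from HijackThis's usual output, and the flags are review prompts, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample written in the style of the HijackThis log posted above.
# These are not the poster's lines: the Temp\svchost.exe autorun and the O7
# policy line are invented to exercise the rules (the posted log has no O7
# entry), and the O7 line format is assumed from HijackThis's usual output.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Owner\Local Settings\Temp\svchost.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableRegedit=1
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[^:]*?)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# First executable/DLL token of a command line, quoted or not, even when the
# unquoted path contains spaces (HijackThis prints many O4 paths unquoted).
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|pif|bat|cmd|vbs))"?(?=\s|$)', re.IGNORECASE)

# Directories an ordinary user can write to; autoruns living there deserve a look.
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")
# Names that belong in %windir%\system32 (or %windir% itself for explorer.exe).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}


@dataclass
class Finding:
    kind: str    # HijackThis section, e.g. "O4"
    reason: str  # why the line was flagged
    line: str    # the original log line


def exe_from_command(cmd: str) -> str:
    """Return the program a Run entry launches, without its arguments."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd.split(" ", 1)[0].strip('"')


def _check_path(kind: str, path: str, raw: str) -> list:
    low = path.lower().replace("/", "\\")
    out = []
    if any(d in low for d in SUSPECT_DIRS):
        out.append(Finding(kind, "binary runs from a user-writable profile or temp directory", raw))
    base = low.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and "\\windows\\system32\\" not in low and "\\windows\\explorer.exe" not in low:
        out.append(Finding(kind, f"{base} is outside its normal system location", raw))
    return out


def triage(log_text: str) -> list:
    """Apply the triage rules to every recognised line of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O7":
            # Policies\System restrictions: DisableRegedit here; the Task Manager
            # lock-out the poster saw is DisableTaskMgr under the same key.
            findings.append(Finding(kind, "policy restriction set (the 'disabled by administrator' symptom)", raw))
        elif kind == "O4":
            run = RUN_RE.match(body)
            if run:
                findings.extend(_check_path(kind, exe_from_command(run.group("cmd")), raw))
        elif kind == "O23":
            svc = SVC_RE.match(body)
            if svc:
                if svc.group("owner").strip().lower() == "unknown owner":
                    findings.append(Finding(kind, "service binary carries no publisher string; verify it", raw))
                findings.extend(_check_path(kind, svc.group("path"), raw))
        elif kind == "O2":
            bho = BHO_RE.match(body)
            if bho:
                findings.extend(_check_path(kind, bho.group("path"), raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against the sample it reports four findings: two for the Temp\svchost.exe autorun (user-writable directory, and a system-process name outside system32), one for the O7 policy line, and one for the StyleXP service with no publisher string. On the poster's real log the same rules would flag only the two "Unknown owner" services (StyleXPService and SecuROM's UAService7.exe), which matches the reading that this log shows no obvious loading point for the "disabled by administrator" symptom.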