Free Malware Removal Forum

by **danj10472** » November 6th, 2009, 11:52 pm

I downloaded a torrent avi file. When I went to open it up, it said it needed to update the codec.
I granted access through my firewall (comodo) and after that, my antivirus software (avast) said I was infected and it was quarantining the files. I did a system restore to the last known good configuration, ran a full scan with avast, avg anti-rootkit, ad-aware, spybot, and ccleaner for the registry. Nothing was found. However, something is consistently attempting to redirect my browser (Firefox) to sites which McAfee Site Advisor blocks and says are unsafe. Also, in my Windows\Temp folder are a number of files that I don't think were there before and cannot delete because a process is using them. (Perflib_Perfdata_ac.dat, Perflib_Perfdata_6e4.dat, Perflib_Perfdata_e0.dat, sqlite_6nqQ3oaIqYYf7u8, etc.) I tried booting to Safe Mode to try and delete them and it says there is an error and directs me to start in normal mode. Any help provided would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:56 PM, on 11/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Instant Memory Cleaner.lnk = C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/ ... nstall.exe
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag4421.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4421.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10761 bytes

by **shinybeast** » November 10th, 2009, 7:53 pm

Hello and welcome to Malware Removal Forums

My handle is shinybeast and I will be assisting you in the removal of malware your computer may have.

Please follow these guidelines as we work to clean your computer.

Read through the instructions before you perform them and if you have questions please ask before you perform them. Please do not guess. I will be happy to clarify or explain.
Perform all instructions in the order given.
Stick with the process until I give you an "all clean." If the symptoms are gone, it does not necessarily mean your computer is safe and secure.
The instructions assume you are using an account with administrator privileges.
Do not run any other tools to remove malware while we are working.
Post all responses in a reply to this topic - Please do not start a new topic.
If your security software throws up warnings about some of these tools, please allow these tools to run, they are safe.
If you have not done so, please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

NOTE: I am in training here at Malware Removal University.
I must get my replies to you approved by a malware expert which means it could take slightly longer to get back to you.
Your patience is appreciated.

Perflib_Perfdata*.dat

Those .dat files are normal. They are created by various programs (.NET, perfmon, etc.) to store performance data. If you delete them, they will be recreated and are nothing to worry about.

Installed Program List

I would be helpful to see a list of programs installed on your computer.

Please start Hijackthis
Click the Open the Misc Tools section button
Click the Open Uninstall Manager... under System Tools

You will see a list of programs installed on your computer.
Please click the Save List... button and specify where you would like to save the list.
Once you click Save, the list will open in Notepad. Simply copy and paste the entire contents of Notepad in your next post.

by **danj10472** » November 11th, 2009, 1:47 pm

Hi Shinybeast. Thanks for the help. Here's the list of installed programs:

Acrobat.com
Acrobat.com
Activstudio Docs (USA) v3.5.1
Activstudio Help (USA) v3.5.1
Activstudio Professional Edition v3.5
Activstudio Resources (USA) v3.5.1
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.1.3
Adobe Shockwave Player
Agere Systems PCI-SV92PP Soft Modem
Amazon MP3 Downloader 1.0.3
AnswerWorks 5.0 English Runtime
Apple Software Update
Audacity 1.2.4
avast! Antivirus
AVG Anti-Rootkit Free
Canon Utilities PhotoStitch 3.1
CCleaner
COMODO Internet Security
Create and Print Plugin 3.6 (build 6013)
Critical Update for Windows Media Player 11 (KB959772)
Cubis Gold 2
Enhanced Multimedia Keyboard Solution
GdiplusUpgrade
Google Earth
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Group Shot
GTK+ 2.10.13 runtime environment
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 6.0
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 3.5
HP Solution Center and Imaging Support Tools 6.1
HP Update
HP Web Helper
Instant Memory Cleaner
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Memory Loops
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MiniMinder 7.26
Mozilla Firefox (3.5.5)
Mozilla Thunderbird (2.0.0.23)
MSN Entertainment Download Troubleshooter
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
NVIDIA Drivers
overland
Parental Control Toolbar
PC-Doctor 5 for Windows
Picasa 3
Puzzle Inlay
Puzzle Inlay Plus
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2009
QuickTime
Realtek High Definition Audio Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
The GIMP 2.2.17
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Walmart MP3 Music Downloads
Windows Defender Signatures
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WordPerfect Office 12
Zoo Tycoon: Complete Collection

Also, one of the sites my browser keeps getting redirected to is http://malware-online-scanner.info
Don't know if this helps. Just trying to provide as much info as possible. Thanks again.

by **shinybeast** » November 13th, 2009, 1:43 am

Hello danj10472,

Let's look a little deeper.

DDS Scan

Please download DDS by sUBS from one of these links and save it to your desktop
Link1 | Link 2
Double-click the file to start the scan
A black window will open and run the scan
When it finishes, two logs will automatically open with Notepad (DDS.txt and Attach.txt)
Save the logs to the desktop using Save As... and post the contents of both in your next reply

by **danj10472** » November 13th, 2009, 6:43 pm

DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Administrator at 16:33:00.65 on Fri 11/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1236 [GMT -6:00]

AV: avast! antivirus 4.8.1351 [VPS 091112-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avast4\setup\avast.setup
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Parental Control Toolbar: {4e7bd74f-2b8d-469e-9fa5-a33de8dbe931} - c:\progra~1\parent~1\PARENT~1.DLL
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Parental Control Toolbar: {4e7bd74f-2b8d-469e-9fa5-a33de8dbe931} - c:\progra~1\parent~1\PARENT~1.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [PCDrSmartMonitor] "c:\program files\pc-doctor 5 for windows\PcdSmartMonitor.exe" -r
mRun: [parentalcontrol] "c:\program files\parentalcontrol\parentalcontrol.exe" "c:\program files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
mRun: [avast!] c:\progra~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\instan~1.lnk - c:\program files\instant memory cleaner\Instant Memory Cleaner.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\minimi~1.lnk - c:\program files\minimind\MiniMind.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - hxxp://www.passalong.com/Music/install/ ... nstall.exe
DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} - hxxp://entimg.msn.com/client/msnediag4421.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} - hxxp://entimg.msn.com/client/msnmusax4421.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\vjsv1n11.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4E7FF8BB-0A5A-4AA3-B764-B39BA9A13E38", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDB24F189F-FB14-4EFD-8B9D-217EC6C84EA1", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID86ED3659-02F6-465D-8F19-A9334614CCC3", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID5D7F48C0-CB49-4ea6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDA43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4C8D6404-A9F6-4236-8488-6C5732CB3BFA", "AllAccess");
============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

==================== Find3M ====================

2008-08-02 17:34:50 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080220080803\index.dat

============= FINISH: 16:37:40.14 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/1/2006 11:21:08 PM
System Uptime: 11/12/2009 8:33:48 AM (32 hours ago)

Motherboard: ASUSTek Computer INC. | | NAGAMI2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket 939 | 2004/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 178.356 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.442 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP869: 9/18/2008 2:44:15 AM - System Checkpoint
RP870: 9/18/2008 11:02:59 AM - Software Distribution Service 3.0
RP871: 9/19/2008 5:49:41 PM - System Checkpoint
RP872: 9/20/2008 6:03:53 PM - System Checkpoint
RP873: 9/21/2008 6:11:30 PM - System Checkpoint
RP874: 9/22/2008 6:13:46 PM - System Checkpoint
RP875: 9/23/2008 4:57:33 PM - Software Distribution Service 3.0
RP876: 9/23/2008 5:22:14 PM - Removed Adobe Reader 7.1.0
RP877: 9/23/2008 5:22:38 PM - Installed Adobe Reader 9.
RP878: 9/24/2008 5:50:22 PM - System Checkpoint
RP879: 9/25/2008 5:51:42 PM - System Checkpoint
RP880: 9/26/2008 4:03:02 PM - Software Distribution Service 3.0
RP881: 9/27/2008 4:38:29 PM - System Checkpoint
RP882: 9/28/2008 4:45:19 PM - System Checkpoint
RP883: 9/29/2008 5:16:19 PM - System Checkpoint
RP884: 9/30/2008 5:35:35 PM - System Checkpoint
RP885: 10/1/2008 5:41:01 PM - System Checkpoint
RP886: 10/2/2008 3:26:42 PM - Software Distribution Service 3.0
RP887: 10/3/2008 3:45:05 PM - System Checkpoint
RP888: 10/4/2008 10:30:09 PM - System Checkpoint
RP889: 10/5/2008 10:40:21 PM - System Checkpoint
RP890: 10/6/2008 11:37:27 PM - System Checkpoint
RP891: 10/7/2008 3:43:16 PM - Software Distribution Service 3.0
RP892: 10/8/2008 5:18:10 PM - System Checkpoint
RP893: 10/9/2008 4:55:25 PM - Software Distribution Service 3.0
RP894: 10/10/2008 4:18:00 PM - Software Distribution Service 3.0
RP895: 10/12/2008 4:22:48 AM - System Checkpoint
RP896: 10/13/2008 7:17:14 AM - System Checkpoint
RP897: 10/14/2008 8:28:36 AM - System Checkpoint
RP898: 10/14/2008 5:05:31 PM - Software Distribution Service 3.0
RP899: 10/15/2008 5:45:38 PM - System Checkpoint
RP900: 10/16/2008 9:53:20 PM - System Checkpoint
RP901: 10/17/2008 2:26:12 AM - Software Distribution Service 3.0
RP902: 10/18/2008 10:57:25 PM - System Checkpoint
RP903: 10/19/2008 11:08:40 PM - System Checkpoint
RP904: 10/21/2008 5:12:00 PM - System Checkpoint
RP905: 10/22/2008 5:48:25 PM - System Checkpoint
RP906: 10/23/2008 6:33:38 PM - System Checkpoint
RP907: 10/24/2008 5:46:02 PM - Software Distribution Service 3.0
RP908: 10/24/2008 6:49:49 PM - Software Distribution Service 3.0
RP909: 10/25/2008 6:52:33 PM - System Checkpoint
RP910: 10/26/2008 3:52:50 PM - Installed Activsoftware
RP911: 10/27/2008 4:46:14 PM - System Checkpoint
RP912: 10/28/2008 4:41:16 PM - Removed iTunes
RP913: 10/29/2008 5:17:51 PM - System Checkpoint
RP914: 10/30/2008 2:18:24 AM - Software Distribution Service 3.0
RP915: 10/31/2008 4:50:02 PM - Installed FLEXnet Connect Windows Agent.
RP916: 11/1/2008 6:58:57 PM - System Checkpoint
RP917: 11/2/2008 7:23:02 PM - System Checkpoint
RP918: 11/3/2008 4:36:46 PM - Software Distribution Service 3.0
RP919: 11/4/2008 4:30:56 PM - Software Distribution Service 3.0
RP920: 11/5/2008 5:33:26 PM - System Checkpoint
RP921: 11/6/2008 6:25:02 PM - Software Distribution Service 3.0
RP922: 11/7/2008 4:13:06 PM - Software Distribution Service 3.0
RP923: 11/9/2008 7:23:03 AM - System Checkpoint
RP924: 11/10/2008 9:25:04 AM - System Checkpoint
RP925: 11/11/2008 1:53:36 PM - System Checkpoint
RP926: 11/11/2008 4:17:27 PM - Removed Ad-Aware
RP927: 11/11/2008 4:18:04 PM - Installed Ad-Aware
RP928: 11/12/2008 9:08:39 PM - System Checkpoint
RP929: 11/13/2008 2:08:08 AM - Software Distribution Service 3.0
RP930: 11/13/2008 3:00:16 AM - Software Distribution Service 3.0
RP931: 11/14/2008 6:00:38 PM - System Checkpoint
RP932: 11/15/2008 6:26:49 PM - System Checkpoint
RP933: 11/16/2008 2:45:53 PM - Software Distribution Service 3.0
RP934: 11/17/2008 5:48:35 PM - System Checkpoint
RP935: 11/18/2008 6:15:30 PM - System Checkpoint
RP936: 11/19/2008 4:39:25 PM - Software Distribution Service 3.0
RP937: 11/20/2008 4:43:30 PM - Software Distribution Service 3.0
RP938: 11/22/2008 7:22:55 AM - System Checkpoint
RP939: 11/23/2008 8:04:52 AM - System Checkpoint
RP940: 11/23/2008 4:12:45 PM - Removed Windows Defender
RP941: 11/23/2008 4:13:46 PM - Removed Activdriver v4.1.12.
RP942: 11/23/2008 4:21:01 PM - Removed Google SketchUp
RP943: 11/23/2008 4:22:11 PM - Removed Bonjour
RP944: 11/23/2008 4:23:01 PM - Removed PassAlong Software
RP945: 11/23/2008 4:23:27 PM - Removed Microsoft Silverlight
RP946: 11/23/2008 4:24:45 PM - Removed Apple Mobile Device Support
RP947: 11/23/2008 4:33:16 PM - Installed Java(TM) 6 Update 10
RP948: 11/24/2008 5:43:06 PM - System Checkpoint
RP949: 11/25/2008 6:58:15 PM - System Checkpoint
RP950: 11/26/2008 8:00:34 PM - System Checkpoint
RP951: 11/27/2008 8:28:55 PM - System Checkpoint
RP952: 11/29/2008 12:17:27 PM - System Checkpoint
RP953: 11/30/2008 10:17:23 PM - System Checkpoint
RP954: 12/2/2008 5:15:29 PM - System Checkpoint
RP955: 12/3/2008 5:23:33 PM - System Checkpoint
RP956: 12/4/2008 5:44:54 PM - System Checkpoint
RP957: 12/5/2008 6:02:31 PM - System Checkpoint
RP958: 12/7/2008 2:46:44 PM - System Checkpoint
RP959: 12/8/2008 6:12:07 PM - System Checkpoint
RP960: 12/9/2008 6:59:04 PM - System Checkpoint
RP961: 12/10/2008 4:34:17 PM - Software Distribution Service 3.0
RP962: 12/11/2008 5:18:34 PM - System Checkpoint
RP963: 12/11/2008 10:48:13 PM - Software Distribution Service 3.0
RP964: 12/12/2008 10:57:21 PM - System Checkpoint
RP965: 12/14/2008 8:27:13 AM - System Checkpoint
RP966: 12/15/2008 8:44:54 PM - System Checkpoint
RP967: 12/17/2008 12:26:58 AM - System Checkpoint
RP968: 12/18/2008 4:59:44 PM - Software Distribution Service 3.0
RP969: 12/19/2008 5:06:03 PM - System Checkpoint
RP970: 12/20/2008 6:59:22 PM - System Checkpoint
RP971: 12/21/2008 7:08:58 PM - System Checkpoint
RP972: 12/22/2008 10:07:55 PM - System Checkpoint
RP973: 12/23/2008 10:59:24 PM - System Checkpoint
RP974: 12/25/2008 7:57:28 AM - System Checkpoint
RP975: 12/26/2008 8:00:33 AM - System Checkpoint
RP976: 12/27/2008 12:25:12 PM - System Checkpoint
RP977: 12/28/2008 4:52:57 PM - System Checkpoint
RP978: 12/29/2008 7:44:54 PM - System Checkpoint
RP979: 12/31/2008 11:43:55 AM - System Checkpoint
RP980: 1/1/2009 4:49:02 PM - System Checkpoint
RP981: 1/2/2009 6:30:21 PM - System Checkpoint
RP982: 1/3/2009 8:36:31 PM - Installed Java(TM) 6 Update 11
RP983: 1/4/2009 8:39:08 PM - System Checkpoint
RP984: 1/5/2009 9:23:44 PM - System Checkpoint
RP985: 1/6/2009 10:08:51 PM - System Checkpoint
RP986: 1/7/2009 11:22:24 PM - System Checkpoint
RP987: 1/9/2009 5:45:18 PM - System Checkpoint
RP988: 1/10/2009 6:25:40 PM - System Checkpoint
RP989: 1/12/2009 6:25:46 AM - System Checkpoint
RP990: 1/13/2009 7:10:05 PM - System Checkpoint
RP991: 1/14/2009 4:28:05 PM - Software Distribution Service 3.0
RP992: 1/15/2009 5:59:55 PM - System Checkpoint
RP993: 1/16/2009 6:17:30 PM - System Checkpoint
RP994: 1/17/2009 10:58:24 PM - System Checkpoint
RP995: 1/18/2009 11:43:00 PM - System Checkpoint
RP996: 1/20/2009 4:17:46 PM - System Checkpoint
RP997: 1/22/2009 6:37:15 PM - System Checkpoint
RP998: 1/23/2009 7:00:19 PM - System Checkpoint
RP999: 1/24/2009 7:25:35 PM - System Checkpoint
RP1000: 1/25/2009 8:22:40 PM - System Checkpoint
RP1001: 1/26/2009 8:25:44 PM - System Checkpoint
RP1002: 1/27/2009 9:25:49 PM - System Checkpoint
RP1003: 1/28/2009 9:25:58 PM - System Checkpoint
RP1004: 1/29/2009 10:25:58 PM - System Checkpoint
RP1005: 1/30/2009 11:26:02 PM - System Checkpoint
RP1006: 2/1/2009 12:26:06 AM - System Checkpoint
RP1007: 2/2/2009 12:26:17 AM - System Checkpoint
RP1008: 2/3/2009 12:26:22 AM - System Checkpoint
RP1009: 2/4/2009 12:26:33 AM - System Checkpoint
RP1010: 2/5/2009 5:05:00 PM - System Checkpoint
RP1011: 2/6/2009 6:00:54 PM - System Checkpoint
RP1012: 2/7/2009 6:10:07 PM - System Checkpoint
RP1013: 2/8/2009 6:59:56 PM - System Checkpoint
RP1014: 2/10/2009 5:22:46 PM - System Checkpoint
RP1015: 2/11/2009 5:35:53 PM - System Checkpoint
RP1016: 2/12/2009 3:00:15 AM - Software Distribution Service 3.0
RP1017: 2/13/2009 4:48:15 PM - System Checkpoint
RP1018: 2/14/2009 11:50:08 PM - System Checkpoint
RP1019: 2/16/2009 8:44:47 AM - System Checkpoint
RP1020: 2/17/2009 5:19:06 PM - System Checkpoint
RP1021: 2/19/2009 6:01:35 PM - System Checkpoint
RP1022: 2/20/2009 6:41:06 PM - System Checkpoint
RP1023: 2/21/2009 7:23:26 PM - System Checkpoint
RP1024: 2/22/2009 10:19:13 PM - System Checkpoint
RP1025: 2/24/2009 4:44:39 PM - System Checkpoint
RP1026: 2/24/2009 8:09:34 PM - Software Distribution Service 3.0
RP1027: 2/25/2009 4:28:04 PM - Software Distribution Service 3.0
RP1028: 2/26/2009 6:20:37 PM - System Checkpoint
RP1029: 2/27/2009 6:45:21 PM - System Checkpoint
RP1030: 2/28/2009 7:12:04 PM - System Checkpoint
RP1031: 3/1/2009 7:24:27 PM - System Checkpoint
RP1032: 3/2/2009 8:05:51 PM - System Checkpoint
RP1033: 3/3/2009 8:45:22 PM - System Checkpoint
RP1034: 3/4/2009 9:21:27 PM - System Checkpoint
RP1035: 3/5/2009 9:58:06 PM - System Checkpoint
RP1036: 3/6/2009 10:01:35 PM - System Checkpoint
RP1037: 3/7/2009 10:59:44 PM - System Checkpoint
RP1038: 3/8/2009 3:00:26 AM - Software Distribution Service 3.0
RP1039: 3/9/2009 4:00:16 AM - System Checkpoint
RP1040: 3/10/2009 3:30:55 PM - System Checkpoint
RP1041: 3/11/2009 4:18:31 PM - System Checkpoint
RP1042: 3/12/2009 2:00:15 AM - Software Distribution Service 3.0
RP1043: 3/12/2009 9:11:14 PM - Software Distribution Service 3.0
RP1044: 3/14/2009 11:07:38 AM - System Checkpoint
RP1045: 3/15/2009 1:48:22 PM - System Checkpoint
RP1046: 3/15/2009 6:37:09 PM - Software Distribution Service 3.0
RP1047: 3/16/2009 8:42:16 PM - System Checkpoint
RP1048: 3/18/2009 3:42:42 PM - System Checkpoint
RP1049: 3/19/2009 5:45:08 PM - System Checkpoint
RP1050: 3/20/2009 5:29:02 PM - Installed Uniblue DriverScanner v1.0
RP1051: 3/20/2009 10:43:16 PM - Software Distribution Service 3.0
RP1052: 3/22/2009 12:10:27 AM - System Checkpoint
RP1053: 3/23/2009 12:25:34 AM - System Checkpoint
RP1054: 3/24/2009 5:46:58 PM - System Checkpoint
RP1055: 3/25/2009 5:53:07 PM - System Checkpoint
RP1056: 3/26/2009 8:10:03 PM - System Checkpoint
RP1057: 3/27/2009 9:27:30 PM - System Checkpoint
RP1058: 3/28/2009 10:22:31 PM - System Checkpoint
RP1059: 3/29/2009 10:44:11 PM - System Checkpoint
RP1060: 3/30/2009 11:01:49 PM - System Checkpoint
RP1061: 4/1/2009 7:11:37 AM - System Checkpoint
RP1062: 4/2/2009 7:26:00 AM - System Checkpoint
RP1063: 4/3/2009 6:15:01 PM - System Checkpoint
RP1064: 4/4/2009 6:15:40 PM - System Checkpoint
RP1065: 4/5/2009 6:19:50 PM - System Checkpoint
RP1066: 4/6/2009 7:20:23 PM - System Checkpoint
RP1067: 4/7/2009 10:25:24 PM - System Checkpoint
RP1068: 4/9/2009 5:50:07 PM - System Checkpoint
RP1069: 4/10/2009 6:55:53 PM - System Checkpoint
RP1070: 4/11/2009 9:21:15 PM - System Checkpoint
RP1071: 4/12/2009 10:25:05 PM - System Checkpoint
RP1072: 4/14/2009 6:33:18 AM - System Checkpoint
RP1073: 4/15/2009 7:37:21 AM - System Checkpoint
RP1074: 4/16/2009 5:12:28 PM - System Checkpoint
RP1075: 4/16/2009 5:52:35 PM - Software Distribution Service 3.0
RP1076: 4/16/2009 9:19:55 PM - Installed Java(TM) 6 Update 13
RP1077: 4/16/2009 9:45:22 PM - Software Distribution Service 3.0
RP1078: 4/17/2009 5:57:38 AM - Software Distribution Service 3.0
RP1079: 4/18/2009 6:00:21 AM - Software Distribution Service 3.0
RP1080: 4/19/2009 8:18:02 AM - System Checkpoint
RP1081: 4/20/2009 3:00:15 AM - Software Distribution Service 3.0
RP1082: 4/21/2009 5:17:10 PM - System Checkpoint
RP1083: 4/22/2009 6:16:51 PM - System Checkpoint
RP1084: 4/23/2009 6:21:57 PM - System Checkpoint
RP1085: 4/26/2009 12:54:11 PM - System Checkpoint
RP1086: 4/27/2009 5:23:25 PM - System Checkpoint
RP1087: 4/28/2009 5:41:33 PM - System Checkpoint
RP1088: 4/29/2009 6:31:35 PM - System Checkpoint
RP1089: 4/30/2009 8:51:38 PM - System Checkpoint
RP1090: 5/2/2009 10:06:02 AM - System Checkpoint
RP1091: 5/3/2009 2:27:14 PM - System Checkpoint
RP1092: 5/4/2009 4:31:04 PM - System Checkpoint
RP1093: 5/5/2009 4:33:20 PM - System Checkpoint
RP1094: 5/6/2009 5:19:11 PM - System Checkpoint
RP1095: 5/7/2009 5:26:40 PM - System Checkpoint
RP1096: 5/8/2009 5:37:31 PM - System Checkpoint
RP1097: 5/10/2009 5:37:01 PM - System Checkpoint
RP1098: 5/11/2009 5:38:07 PM - System Checkpoint
RP1099: 5/12/2009 5:39:43 PM - System Checkpoint
RP1100: 5/13/2009 3:00:15 AM - Software Distribution Service 3.0
RP1101: 5/14/2009 3:35:41 AM - System Checkpoint
RP1102: 5/15/2009 3:00:16 AM - Software Distribution Service 3.0
RP1103: 5/16/2009 2:38:13 PM - System Checkpoint
RP1104: 5/17/2009 6:37:29 PM - System Checkpoint
RP1105: 5/18/2009 6:51:32 PM - System Checkpoint
RP1106: 5/19/2009 7:10:31 PM - System Checkpoint
RP1107: 5/20/2009 11:51:00 PM - System Checkpoint
RP1108: 5/22/2009 5:04:06 PM - System Checkpoint
RP1109: 5/23/2009 5:45:15 PM - System Checkpoint
RP1110: 5/24/2009 6:53:48 PM - System Checkpoint
RP1111: 5/25/2009 7:38:35 PM - System Checkpoint
RP1112: 5/26/2009 10:44:03 PM - System Checkpoint
RP1113: 5/27/2009 4:24:18 PM - Software Distribution Service 3.0
RP1114: 5/28/2009 5:10:37 PM - System Checkpoint
RP1115: 5/29/2009 6:02:33 PM - System Checkpoint
RP1116: 5/30/2009 8:45:38 PM - System Checkpoint
RP1117: 5/31/2009 9:11:35 PM - System Checkpoint
RP1118: 6/2/2009 6:13:53 PM - System Checkpoint
RP1119: 6/3/2009 6:34:53 PM - System Checkpoint
RP1120: 6/4/2009 6:16:31 AM - Software Distribution Service 3.0
RP1121: 6/4/2009 6:51:24 PM - Software Distribution Service 3.0
RP1122: 6/5/2009 7:03:03 PM - System Checkpoint
RP1123: 6/6/2009 8:24:14 PM - System Checkpoint
RP1124: 6/7/2009 9:01:54 PM - System Checkpoint
RP1125: 6/8/2009 3:00:15 AM - Software Distribution Service 3.0
RP1126: 6/9/2009 8:06:08 AM - System Checkpoint
RP1127: 6/10/2009 8:36:38 AM - System Checkpoint
RP1128: 6/11/2009 8:37:37 AM - Removed Wal-Mart Music Downloads Store.
RP1129: 6/12/2009 5:48:35 AM - Software Distribution Service 3.0
RP1130: 6/13/2009 6:00:20 AM - Software Distribution Service 3.0
RP1131: 6/14/2009 1:54:19 PM - System Checkpoint
RP1132: 6/15/2009 4:35:49 PM - System Checkpoint
RP1133: 6/16/2009 5:58:36 PM - System Checkpoint
RP1134: 6/17/2009 6:06:51 PM - System Checkpoint
RP1135: 6/18/2009 10:12:40 PM - System Checkpoint
RP1136: 6/20/2009 6:30:46 AM - System Checkpoint
RP1137: 6/21/2009 3:00:15 AM - Software Distribution Service 3.0
RP1138: 6/22/2009 3:38:31 AM - System Checkpoint
RP1139: 6/23/2009 11:22:53 AM - System Checkpoint
RP1140: 6/24/2009 1:03:18 PM - System Checkpoint
RP1141: 6/25/2009 2:13:17 PM - System Checkpoint
RP1142: 6/26/2009 2:31:56 PM - System Checkpoint
RP1143: 6/28/2009 1:15:26 PM - System Checkpoint
RP1144: 6/29/2009 11:02:46 AM - Software Distribution Service 3.0
RP1145: 6/30/2009 11:11:42 AM - System Checkpoint
RP1146: 7/1/2009 1:37:56 PM - System Checkpoint
RP1147: 7/2/2009 5:28:53 PM - System Checkpoint
RP1148: 7/3/2009 9:55:29 AM - Software Distribution Service 3.0
RP1149: 7/3/2009 7:12:18 PM - Software Distribution Service 3.0
RP1150: 7/5/2009 5:33:55 PM - System Checkpoint
RP1151: 7/6/2009 7:07:35 PM - System Checkpoint
RP1152: 7/7/2009 10:11:09 PM - System Checkpoint
RP1153: 7/9/2009 4:32:06 AM - Software Distribution Service 3.0
RP1154: 7/10/2009 10:33:11 AM - System Checkpoint
RP1155: 7/11/2009 10:48:28 AM - System Checkpoint
RP1156: 7/12/2009 12:40:14 PM - System Checkpoint
RP1157: 7/13/2009 1:00:59 PM - System Checkpoint
RP1158: 7/14/2009 2:39:33 PM - System Checkpoint
RP1159: 7/15/2009 3:26:39 PM - System Checkpoint
RP1160: 7/16/2009 9:07:09 AM - Software Distribution Service 3.0
RP1161: 7/17/2009 7:43:10 AM - Software Distribution Service 3.0
RP1162: 7/18/2009 8:39:42 PM - System Checkpoint
RP1163: 7/19/2009 9:01:47 PM - System Checkpoint
RP1164: 7/21/2009 12:09:39 AM - System Checkpoint
RP1165: 7/22/2009 12:25:07 AM - System Checkpoint
RP1166: 7/23/2009 8:54:22 AM - System Checkpoint
RP1167: 7/24/2009 9:03:48 AM - System Checkpoint
RP1168: 7/25/2009 10:04:42 AM - System Checkpoint
RP1169: 7/26/2009 7:11:02 PM - System Checkpoint
RP1170: 7/27/2009 7:59:49 PM - System Checkpoint
RP1171: 7/28/2009 9:21:57 PM - System Checkpoint
RP1172: 7/30/2009 6:57:55 AM - Software Distribution Service 3.0
RP1173: 7/30/2009 4:52:56 PM - Software Distribution Service 3.0
RP1174: 7/31/2009 8:57:37 PM - System Checkpoint
RP1175: 8/2/2009 3:08:33 PM - System Checkpoint
RP1176: 8/3/2009 4:00:35 PM - System Checkpoint
RP1177: 8/4/2009 11:19:02 AM - Software Distribution Service 3.0
RP1178: 8/4/2009 11:20:23 AM - Installed Windows XP KB967715.
RP1179: 8/5/2009 3:00:17 AM - Software Distribution Service 3.0
RP1180: 8/6/2009 3:30:40 AM - System Checkpoint
RP1181: 8/7/2009 1:47:41 PM - System Checkpoint
RP1182: 8/8/2009 5:20:20 PM - System Checkpoint
RP1183: 8/9/2009 7:05:38 PM - System Checkpoint
RP1184: 8/12/2009 2:54:46 PM - System Checkpoint
RP1185: 8/13/2009 1:16:38 PM - Software Distribution Service 3.0
RP1186: 8/14/2009 6:15:39 AM - Software Distribution Service 3.0
RP1187: 8/15/2009 12:03:43 PM - System Checkpoint
RP1188: 8/16/2009 12:21:02 PM - System Checkpoint
RP1189: 8/17/2009 1:49:08 PM - System Checkpoint
RP1190: 8/18/2009 2:12:58 PM - System Checkpoint
RP1191: 8/19/2009 2:14:02 PM - System Checkpoint
RP1192: 8/20/2009 2:23:55 PM - System Checkpoint
RP1193: 8/21/2009 3:00:17 AM - Software Distribution Service 3.0
RP1194: 8/22/2009 7:27:16 AM - System Checkpoint
RP1195: 8/23/2009 3:00:15 AM - Software Distribution Service 3.0
RP1196: 8/24/2009 11:53:02 AM - System Checkpoint
RP1197: 8/25/2009 3:00:16 AM - Software Distribution Service 3.0
RP1198: 8/26/2009 3:00:15 AM - Software Distribution Service 3.0
RP1199: 8/27/2009 3:14:39 AM - System Checkpoint
RP1200: 8/28/2009 9:16:55 AM - System Checkpoint
RP1201: 8/29/2009 10:17:00 AM - System Checkpoint
RP1202: 8/30/2009 11:57:48 AM - System Checkpoint
RP1203: 8/31/2009 6:16:13 PM - System Checkpoint
RP1204: 9/2/2009 1:03:56 PM - System Checkpoint
RP1205: 9/3/2009 4:18:20 PM - System Checkpoint
RP1206: 9/4/2009 8:58:05 PM - System Checkpoint
RP1207: 9/6/2009 12:28:06 AM - System Checkpoint
RP1208: 9/7/2009 9:58:15 AM - System Checkpoint
RP1209: 9/8/2009 12:33:07 PM - System Checkpoint
RP1210: 9/9/2009 11:38:28 AM - Software Distribution Service 3.0
RP1211: 9/10/2009 3:00:16 AM - Software Distribution Service 3.0
RP1212: 9/11/2009 6:56:04 PM - System Checkpoint
RP1213: 9/12/2009 9:16:54 PM - System Checkpoint
RP1214: 9/13/2009 11:07:25 PM - System Checkpoint
RP1215: 9/15/2009 11:04:09 AM - System Checkpoint
RP1216: 9/16/2009 1:09:42 PM - System Checkpoint
RP1217: 9/17/2009 10:47:03 PM - System Checkpoint
RP1218: 9/19/2009 6:31:42 AM - System Checkpoint
RP1219: 9/19/2009 5:51:45 PM - Software Distribution Service 3.0
RP1220: 9/19/2009 7:06:18 PM - Software Distribution Service 3.0
RP1221: 9/20/2009 7:36:49 PM - System Checkpoint
RP1222: 9/21/2009 7:37:00 PM - System Checkpoint
RP1223: 9/22/2009 10:59:48 PM - System Checkpoint
RP1224: 9/23/2009 11:02:26 PM - System Checkpoint
RP1225: 9/25/2009 10:22:51 AM - System Checkpoint
RP1226: 9/27/2009 6:34:34 PM - System Checkpoint
RP1227: 9/29/2009 5:52:32 PM - System Checkpoint
RP1228: 9/30/2009 6:57:41 PM - System Checkpoint
RP1229: 10/1/2009 7:38:22 PM - System Checkpoint
RP1230: 10/2/2009 7:57:17 PM - System Checkpoint
RP1231: 10/4/2009 7:42:04 AM - System Checkpoint
RP1232: 10/6/2009 12:28:34 AM - System Checkpoint
RP1233: 10/7/2009 5:13:34 PM - System Checkpoint
RP1234: 10/8/2009 7:19:06 PM - System Checkpoint
RP1235: 10/9/2009 11:29:26 PM - System Checkpoint
RP1236: 10/11/2009 12:10:33 AM - System Checkpoint
RP1237: 10/12/2009 11:28:41 AM - System Checkpoint
RP1238: 10/13/2009 5:11:58 PM - System Checkpoint
RP1239: 10/13/2009 5:31:32 PM - Software Distribution Service 3.0
RP1240: 10/14/2009 9:31:10 PM - System Checkpoint
RP1241: 10/15/2009 5:46:53 PM - Software Distribution Service 3.0
RP1242: 10/16/2009 6:16:03 PM - System Checkpoint
RP1243: 10/17/2009 6:51:41 PM - System Checkpoint
RP1244: 10/18/2009 8:24:58 PM - System Checkpoint
RP1245: 10/19/2009 8:41:42 PM - System Checkpoint
RP1246: 10/21/2009 6:48:07 AM - System Checkpoint
RP1247: 10/22/2009 7:15:08 AM - System Checkpoint
RP1248: 10/23/2009 8:15:12 AM - System Checkpoint
RP1249: 10/24/2009 8:40:13 AM - System Checkpoint
RP1250: 10/25/2009 3:23:16 PM - System Checkpoint
RP1251: 10/26/2009 7:34:19 PM - System Checkpoint
RP1252: 10/28/2009 6:09:02 AM - System Checkpoint
RP1253: 10/29/2009 4:53:14 PM - System Checkpoint
RP1254: 10/30/2009 5:24:23 PM - System Checkpoint
RP1255: 10/31/2009 8:24:49 AM - Restore Operation
RP1256: 10/31/2009 8:51:48 AM - Software Distribution Service 3.0
RP1257: 11/1/2009 8:15:58 PM - System Checkpoint
RP1258: 11/1/2009 10:19:33 PM - Software Distribution Service 3.0
RP1259: 11/2/2009 6:55:40 AM - Configured Customer Experience Enhancement
RP1260: 11/2/2009 11:34:33 PM - Software Distribution Service 3.0
RP1261: 11/4/2009 12:22:32 AM - System Checkpoint
RP1262: 11/4/2009 7:38:44 PM - Software Distribution Service 3.0
RP1263: 11/5/2009 4:00:16 AM - Software Distribution Service 3.0
RP1264: 11/6/2009 4:15:11 AM - System Checkpoint
RP1265: 11/6/2009 8:25:09 PM - Printer Driver WebEx Document Loader Installed
RP1266: 11/7/2009 8:50:45 PM - System Checkpoint
RP1267: 11/8/2009 3:00:25 AM - Software Distribution Service 3.0
RP1268: 11/9/2009 6:48:29 AM - System Checkpoint
RP1269: 11/10/2009 10:03:20 PM - System Checkpoint
RP1270: 11/11/2009 3:00:15 AM - Software Distribution Service 3.0
RP1271: 11/11/2009 11:37:41 AM - Software Distribution Service 3.0
RP1272: 11/11/2009 9:08:46 PM - Installed Java(TM) 6 Update 17
RP1273: 11/11/2009 9:09:28 PM - Installed Java Runtime Environment
RP1274: 11/12/2009 9:54:24 PM - System Checkpoint

==== Installed Programs ======================

==== Event Viewer Messages From Past Week ========

==== End Of File ===========================

Also, another site my browser is being re-directed to is lightseek.biz

by **shinybeast** » November 15th, 2009, 5:25 pm

Hello danj10472,

The DDS logs you posted look incomplete. Did you edit them before you posted? If you did, please do not edit the next ones.

Scan with RSIT

Please download Random's System Information Tool by random/random from here and save it to your desktop.
Double-click RSIT.exe to run the tool
Click Continue at the disclaimer screen.
Once it finishes, two logs will open...
- log.txt will be opened maximized
- info.txt will be opened minimized
Please post the contents of both logs in your next post.

Scan with GMER

Please download GMER Rootkit Scanner from here.

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

[
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button and wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.

by **danj10472** » November 17th, 2009, 4:15 pm

Shinybeast,
No, I didn't edit any of the logs. Here's the RSIT and GMER results.

Also, I ran Microsoft's Safety Scanner from the Windows Live OneCare this weekend and it found a virus (Win32/Trufip!rts) but could not remove it.

Hope this helps.

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-11-17 08:56:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 183 GB (80%) free of 229 GB
Total RAM: 1982 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:28 AM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Instant Memory Cleaner.lnk = C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/ ... nstall.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag4421.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4421.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10571 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware 2007.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Spybot - Search & Destroy.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931}]
Parental Control Toolbar - C:\PROGRA~1\PARENT~1\PARENT~1.DLL [2006-08-31 3078336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-03-18 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll [2008-08-02 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-04 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - Parental Control Toolbar - C:\PROGRA~1\PARENT~1\PARENT~1.DLL [2006-08-31 3078336]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-03-18 2554944]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-07 16010240]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=nwiz.exe /install []
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"PCDrSmartMonitor"=C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe [2006-02-01 360448]
"parentalcontrol"=C:\Program Files\parentalcontrol\parentalcontrol.exe [2006-08-31 36544]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-08-17 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-10-31 1799952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-12 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
Instant Memory Cleaner.lnk - C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
MiniMinder.lnk - C:\Program Files\MiniMind\MiniMind.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\HP_Administrator\Desktop\utorrent.exe"="C:\Documents and Settings\HP_Administrator\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc94b28a-3aa4-11db-999e-0017319cee85}]
shell\AutoRun\command - J:\LaunchU3.exe -a

======List of files/folders created in the last 1 months======

2009-11-17 08:56:17 ----D---- C:\rsit
2009-11-16 03:00:26 ----D---- C:\WINDOWS\LastGood
2009-11-14 10:53:52 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-11 21:09:13 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-11 21:09:13 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-11 21:09:13 ----A---- C:\WINDOWS\system32\java.exe
2009-11-11 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-06 21:58:06 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-11-06 21:57:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-06 21:57:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-06 21:15:24 ----D---- C:\Program Files\Trend Micro
2009-11-04 18:39:31 ----A---- C:\WINDOWS\imsins.BAK
2009-10-31 07:42:08 ----D---- C:\Program Files\COMODO

======List of files/folders modified in the last 1 months======

2009-11-17 08:55:55 ----D---- C:\WINDOWS\Prefetch
2009-11-17 08:50:33 ----D---- C:\WINDOWS\Temp
2009-11-17 08:47:53 ----D---- C:\Program Files\Mozilla Firefox
2009-11-16 17:47:30 ----SD---- C:\WINDOWS\Tasks
2009-11-16 16:38:56 ----D---- C:\Program Files\Mozilla Thunderbird
2009-11-16 03:02:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-16 03:01:12 ----HD---- C:\WINDOWS\inf
2009-11-16 03:01:11 ----D---- C:\WINDOWS
2009-11-15 23:37:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-11-15 21:57:35 ----D---- C:\WINDOWS\system32
2009-11-15 07:21:54 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-15 07:21:51 ----D---- C:\WINDOWS\system32\Lang
2009-11-15 07:21:39 ----D---- C:\WINDOWS\Registration
2009-11-15 07:21:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-14 10:53:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-14 10:53:52 ----D---- C:\Program Files
2009-11-11 21:09:36 ----SHD---- C:\WINDOWS\Installer
2009-11-11 21:09:10 ----D---- C:\Program Files\Java
2009-11-11 03:01:14 ----D---- C:\WINDOWS\Debug
2009-11-11 03:00:52 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-11 00:12:01 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-06 21:57:48 ----D---- C:\WINDOWS\system32\drivers
2009-11-06 20:18:18 ----AD---- C:\WINDOWS\CREATOR
2009-11-06 19:43:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-06 19:25:16 ----D---- C:\WINDOWS\system32\FxsTmp
2009-11-05 11:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-04 18:39:25 ----D---- C:\WINDOWS\ie8updates
2009-11-02 05:53:50 ----D---- C:\WINDOWS\Minidump
2009-11-01 23:20:43 ----D---- C:\temp
2009-11-01 23:12:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-01 18:41:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-31 07:47:33 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-10-31 07:42:08 ----A---- C:\WINDOWS\system32\guard32.dll
2009-10-31 07:38:25 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2009-10-31 07:28:33 ----D---- C:\WINDOWS\system32\config
2009-10-31 07:28:08 ----D---- C:\WINDOWS\system32\wbem
2009-10-31 07:24:49 ----D---- C:\WINDOWS\system32\Restore
2009-10-30 15:21:49 ----D---- C:\WINDOWS\Help
2009-10-22 03:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-10-31 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-10-31 25160]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ActivHidSerMini;Promethean Serial Board Driver; C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2007-09-12 54016]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 prmvmouse;Promethean HID Mouse Service; C:\WINDOWS\system32\DRIVERS\activmouse.sys []
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-09 162816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-08-17 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-10-31 723632]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-11-17 08:56:31

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Activstudio Docs (USA) v3.5.1-->MsiExec.exe /I{1DDCDB9F-CCC4-4F04-837E-D691428F1E73}
Activstudio Help (USA) v3.5.1-->MsiExec.exe /I{5E9C591D-3A38-41C8-A617-436B40214064}
Activstudio Professional Edition v3.5-->MsiExec.exe /I{929B1254-D7F9-403A-8234-EE348E448820}
Activstudio Resources (USA) v3.5.1-->MsiExec.exe /I{E8B17192-A111-489C-8EA1-A2125875B2B6}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe"
avast! Antivirus-->C:\Program Files\Avast4\aswRunDll.exe "C:\Program Files\Avast4\Setup\setiface.dll",RunSetup
AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Create and Print Plugin 3.6 (build 6013)-->MsiExec.exe /I{B872E985-35EA-4AFF-B898-5764DD6CBB64}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cubis Gold 2-->C:\PROGRA~1\YAHOO!~1\CUBISG~1\UNWISE.EXE C:\PROGRA~1\YAHOO!~1\CUBISG~1\INSTALL.LOG
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Group Shot-->MsiExec.exe /I{895F4870-FDD0-4725-9DE2-5D35CFD1F89F}
GTK+ 2.10.13 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5-->"C:\Program Files\HP\Digital Imaging\{18E0918E-1060-48f3-925C-56C82E88551B}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll"
Instant Memory Cleaner-->"C:\Program Files\Instant Memory Cleaner\IMC.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Memory Loops-->C:\PROGRA~1\SHOCKW~1.COM\MEMORY~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\MEMORY~1\INSTALL.LOG
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MiniMinder 7.26-->"C:\Program Files\MiniMind\unins000.exe"
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN Entertainment Download Troubleshooter-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnediag.inf,Uninstall
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Parental Control Toolbar-->C:\Program Files\parentalcontrol\uninstall_load.exe -uninstall -prompt
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Puzzle Inlay Plus-->C:\PROGRA~1\SHOCKW~1.COM\PUZZLE~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\PUZZLE~1\INSTALL.LOG
Puzzle Inlay-->C:\PROGRA~1\SHOCKW~1.COM\PUZZLE~2\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\PUZZLE~2\INSTALL.LOG
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2009-->MsiExec.exe /X{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
The GIMP 2.2.17-->"C:\Program Files\GIMP-2.0\unins000.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Walmart MP3 Music Downloads-->C:\Program Files\Walmart MP3 Music Downloads\uninstall.exe
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Office 12-->MsiExec.exe /I{20BFD848-897A-48BB-97A7-CDB5A8D4719E}
Zoo Tycoon: Complete Collection-->"C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 091117-0] (disabled)
FW: COMODO Firewall

======System event log======

Computer Name: FAMILYPC
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.2.2 on the
Network Card with network address 0017319CEE85.

Record Number: 113195
Source Name: Dhcp
Time Written: 20090830184841.000000-300
Event Type: error
User:

Computer Name: FAMILYPC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0017319CEE85. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 113194
Source Name: Dhcp
Time Written: 20090830184841.000000-300
Event Type: warning
User:

Computer Name: FAMILYPC
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.2.2 on the
Network Card with network address 0017319CEE85.

Record Number: 113191
Source Name: Dhcp
Time Written: 20090830161826.000000-300
Event Type: error
User:

Computer Name: FAMILYPC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0017319CEE85. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 113190
Source Name: Dhcp
Time Written: 20090830161826.000000-300
Event Type: warning
User:

Computer Name: FAMILYPC
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.2.2 on the
Network Card with network address 0017319CEE85.

Record Number: 113185
Source Name: Dhcp
Time Written: 20090830161807.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: FAMILYPC
Event Code: 5000
Message:
Record Number: 813
Source Name: MPSampleSubmission
Time Written: 20070330022239.000000-300
Event Type: error
User:

Computer Name: FAMILYPC
Event Code: 5000
Message:
Record Number: 811
Source Name: MPSampleSubmission
Time Written: 20070329022225.000000-300
Event Type: error
User:

Computer Name: FAMILYPC
Event Code: 5000
Message:
Record Number: 809
Source Name: MPSampleSubmission
Time Written: 20070328084939.000000-300
Event Type: error
User:

Computer Name: FAMILYPC
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20070.30919, faulting module js3250.dll, version 4.0.0.0, fault address 0x0004c124.

Record Number: 808
Source Name: Application Error
Time Written: 20070326080508.000000-300
Event Type: error
User:

Computer Name: FAMILYPC
Event Code: 5000
Message:
Record Number: 806
Source Name: MPSampleSubmission
Time Written: 20070326022225.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"LANG"=C
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-17 13:54:21
Windows 5.1.2600 Service Pack 3
Running: 5gpireon.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxloypog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB716DD46]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB6E796B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB716D250]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB716D8EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB6E79574]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB716D132]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB716F254]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB716F52C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB716CCF8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB716DF2C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB6E79A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB6E7914C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB716EED6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB716D4D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB716DB2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB6E7964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB6E7908C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB716D764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB6E790F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB6E7976E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB716E688]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB716E9F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB6E7972E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB716EC72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB716F084]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB6E798AE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB716D46E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB716D658]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB716CFFC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB716CECA]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\00000974 -> \Driver\atapi \Device\Harddisk0\DR0 8A74250C

---- EOF - GMER 1.0.15 ----

by **shinybeast** » November 18th, 2009, 3:20 pm

Hi danj10472,

I see you updated Java as well. Any effect on the redirects?

Uninstall Programs

Click Start, click Run...
Type appwiz.cpl and press Enter to open Add or Remove Programs
For each of the programs listed below, highlight them in the list and click Remove

Ad-Aware <- You can re-install this when we are done, best to remove it for now.
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Spybot - Search & Destroy 1.5.2.20

Once finished, close Add or Remove Programs window

ComboFix

Please visit this webpage for download links, and a guide for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read the guide carefully and install the Recovery Console first.

NOTE: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. This is important to ensure that Combofix functions properly!
A guide to do this can be found here. If you still aren't sure how to disable protection software, please ask.

Please include the C:\ComboFix.txt in your next reply for further review.
**IMPORTANT !!! Save ComboFix.exe to your Desktop**

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

To post in next reply:
ComboFix log (C:\combofix.txt)
Any effect on the redirects?
Also, please test your ability to enter safe mode after finishing these instructions and report back.

by **danj10472** » November 18th, 2009, 8:23 pm

Shinybeast,
I can boot to Safe Mode! I also hadn't had the redirects for awhile but last night, a tab popped up redirecting me to online-malware-scanner.net (or something similar) saying I had a virus. Whenever this happens though, I just close the browser via the Task Manager.

Anyway, here's the ComboFix log. I looks like my firewall was still running though I followed the directions on Bleeping Computer about how to turn it off.

ComboFix 09-11-18.06 - HP_Administrator 11/18/2009 17:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1468 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091118-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\webex.ini
c:\recycler\S-1-5-21-527237240-179605362-725345543-500
c:\windows\kb913800.exe
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

.
((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.

2009-11-17 14:56 . 2009-11-17 14:56 -------- d-----w- C:\rsit
2009-11-14 16:53 . 2009-11-15 00:40 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-12 03:07 . 2009-11-12 03:07 152576 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-12 01:21 . 2009-11-12 03:07 79488 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-07 03:58 . 2009-11-07 03:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-11-07 03:57 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 03:57 . 2009-11-07 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-07 03:57 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 03:57 . 2009-11-07 03:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 03:15 . 2009-11-07 03:15 -------- d-----w- c:\program files\Trend Micro
2009-10-31 13:42 . 2009-11-17 20:04 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-10-31 13:42 . 2009-11-17 20:04 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-10-31 13:42 . 2009-11-17 20:04 132808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-10-31 13:42 . 2009-10-31 13:42 -------- d-----w- c:\program files\COMODO
2009-10-31 13:34 . 2009-10-31 13:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-31 13:28 . 2009-10-31 13:28 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 22:52 . 2006-05-06 19:59 -------- d-----w- c:\program files\Java
2009-11-18 22:46 . 2006-09-02 06:07 -------- d-----w- c:\program files\Lavasoft
2009-11-18 22:41 . 2008-03-03 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-18 22:26 . 2006-09-02 05:02 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-17 20:04 . 2007-11-23 19:19 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-07 01:43 . 2006-09-02 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-02 05:12 . 2006-09-02 06:39 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-31 19:46 . 2008-12-29 00:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-31 13:47 . 2007-05-28 19:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-10-31 13:38 . 2007-05-28 19:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Comodo
2009-10-11 10:17 . 2008-11-23 22:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-11 14:18 . 2004-08-09 21:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-09 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-09 21:00 247326 ------w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"PCDrSmartMonitor"="c:\program files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2006-02-02 360448]
"parentalcontrol"="c:\program files\parentalcontrol\parentalcontrol.exe" [2006-08-31 36544]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-17 1800464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-24 1519616]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Instant Memory Cleaner.lnk - c:\program files\Instant Memory Cleaner\Instant Memory Cleaner.exe [2007-11-17 1373409]
MiniMinder.lnk - c:\program files\MiniMind\MiniMind.exe [2006-9-2 237568]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/30/2008 7:20 PM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10/31/2009 7:42 AM 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/31/2009 7:42 AM 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/30/2008 7:20 PM 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/28/2008 1:43 PM 210216]
R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010003};PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2/7/2006 7:38 PM 21120]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [9/12/2007 10:29 AM 54016]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys --> c:\windows\system32\DRIVERS\activmouse.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PCD5SRVC{8A863ACB-F5F6CC6A-05010003}
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-05 00:48]

2009-11-14 c:\windows\Tasks\Spybot - Search & Destroy.job
- c:\progra~1\SPYBOT~1\SpybotSD.exe [2006-09-02 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\vjsv1n11.default\
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4E7FF8BB-0A5A-4AA3-B764-B39BA9A13E38", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDB24F189F-FB14-4EFD-8B9D-217EC6C84EA1", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID86ED3659-02F6-465D-8F19-A9334614CCC3", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID5D7F48C0-CB49-4ea6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDA43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4C8D6404-A9F6-4236-8488-6C5732CB3BFA", "AllAccess");.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-DWQueuedReporting - c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-18 17:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{8A863ACB-F5F6CC6A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2416)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avast4\aswUpdSv.exe
c:\program files\Avast4\ashServ.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-18 17:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-18 23:38

Pre-Run: 191,284,883,456 bytes free
Post-Run: 191,263,088,640 bytes free

- - End Of File - - 5E8CAC49DFA3F4E431DBC7AC0EAFF1B6

by **shinybeast** » November 19th, 2009, 3:58 pm

Hi danj10472,

Have you had any popups/redirects since running Combofix? If so, what browser(s) are you getting them in?

TFC (Temp File Cleaner)

Click here to download TFC by OldTimer and save it to your desktop.
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

We need to scan for stragglers...

ESET Online Scanner

Note: You will need to disable your Anti-Virus, how to do so can be read here.

Please go here then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply, please include:
the ESET log
a new RSIT log.txt (Double-click RSIT.exe and click Continue)
Info on redirects/popups

by **danj10472** » November 19th, 2009, 8:57 pm

Hi Shinybeast,

No redirects or pop-ups since my last post.

Here's the ESET and new RSIT logs:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9333423ef10f464ea0ab625918b6b6c7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-20 12:40:50
# local_time=2009-11-19 06:40:50 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 186180 186180 0 0
# compatibility_mode=769 16775141 100 98 0 194034658 0 0
# compatibility_mode=3073 16777213 80 89 0 96852 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=108993
# found=3
# cleaned=0
# scan_time=9746
C:\Documents and Settings\HP_Administrator\Local Settings\temp\770EC974.nbp probably a variant of Win32/Delf trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.PY virus 00000000000000000000000000000000 I
${Memory} probably a variant of Win32/Delf trojan 00000000000000000000000000000000 I

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-11-19 18:48:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 182 GB (80%) free of 229 GB
Total RAM: 1982 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:21 PM, on 11/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Instant Memory Cleaner.lnk = C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/ ... nstall.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag4421.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4421.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10786 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Spybot - Search & Destroy.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931}]
Parental Control Toolbar - C:\PROGRA~1\PARENT~1\PARENT~1.DLL [2006-08-31 3078336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-03-18 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll [2008-08-02 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-04 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - Parental Control Toolbar - C:\PROGRA~1\PARENT~1\PARENT~1.DLL [2006-08-31 3078336]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-03-18 2554944]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-07 16010240]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=nwiz.exe /install []
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"PCDrSmartMonitor"=C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe [2006-02-01 360448]
"parentalcontrol"=C:\Program Files\parentalcontrol\parentalcontrol.exe [2006-08-31 36544]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-08-17 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-11-17 1800464]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-12 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
Instant Memory Cleaner.lnk - C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
MiniMinder.lnk - C:\Program Files\MiniMind\MiniMind.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-19 15:55:51 ----D---- C:\Program Files\ESET
2009-11-18 21:51:04 ----A---- C:\WINDOWS\customizer.ini
2009-11-18 17:53:57 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-18 17:38:31 ----A---- C:\ComboFix.txt
2009-11-18 17:09:12 ----A---- C:\WINDOWS\zip.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\SWSC.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\SWREG.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\sed.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\PEV.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\MBR.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\grep.exe
2009-11-18 17:08:44 ----D---- C:\WINDOWS\ERDNT
2009-11-18 17:08:19 ----AD---- C:\Qoobox
2009-11-17 08:56:17 ----D---- C:\rsit
2009-11-14 10:53:52 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-11 21:09:13 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-11 21:09:13 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-11 21:09:13 ----A---- C:\WINDOWS\system32\java.exe
2009-11-11 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-06 21:58:06 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-11-06 21:57:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-06 21:57:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-06 21:15:24 ----D---- C:\Program Files\Trend Micro
2009-11-04 18:39:31 ----A---- C:\WINDOWS\imsins.BAK
2009-10-31 07:42:08 ----D---- C:\Program Files\COMODO

======List of files/folders modified in the last 1 months======

2009-11-19 18:48:50 ----D---- C:\WINDOWS\Prefetch
2009-11-19 18:47:56 ----D---- C:\WINDOWS\Temp
2009-11-19 18:47:23 ----D---- C:\Program Files\Mozilla Firefox
2009-11-19 18:38:41 ----SD---- C:\WINDOWS\Tasks
2009-11-19 17:42:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-11-19 15:55:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-19 15:55:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-19 15:55:51 ----D---- C:\Program Files
2009-11-19 15:51:26 ----D---- C:\WINDOWS\system32
2009-11-19 15:51:26 ----D---- C:\WINDOWS\Registration
2009-11-19 15:51:20 ----D---- C:\WINDOWS
2009-11-19 15:51:04 ----D---- C:\WINDOWS\system32\Lang
2009-11-19 15:49:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-19 15:46:08 ----D---- C:\Program Files\Mozilla Thunderbird
2009-11-18 21:49:31 ----D---- C:\Program Files\MiniMind
2009-11-18 21:49:22 ----SD---- C:\WINDOWS\Fonts
2009-11-18 18:28:36 ----HD---- C:\WINDOWS\inf
2009-11-18 18:16:52 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-18 17:38:38 ----D---- C:\WINDOWS\system32\drivers
2009-11-18 17:33:10 ----A---- C:\WINDOWS\system.ini
2009-11-18 17:25:42 ----D---- C:\WINDOWS\AppPatch
2009-11-18 17:25:38 ----D---- C:\Program Files\Common Files
2009-11-18 16:52:47 ----SHD---- C:\WINDOWS\Installer
2009-11-18 16:52:38 ----D---- C:\Program Files\Java
2009-11-18 16:46:28 ----D---- C:\Program Files\Lavasoft
2009-11-17 14:04:18 ----A---- C:\WINDOWS\system32\guard32.dll
2009-11-11 03:01:14 ----D---- C:\WINDOWS\Debug
2009-11-11 03:00:52 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-11 00:12:01 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-06 20:18:18 ----AD---- C:\WINDOWS\CREATOR
2009-11-06 19:43:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-06 19:25:16 ----D---- C:\WINDOWS\system32\FxsTmp
2009-11-05 11:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-04 18:39:25 ----D---- C:\WINDOWS\ie8updates
2009-11-02 05:53:50 ----D---- C:\WINDOWS\Minidump
2009-11-01 23:20:43 ----D---- C:\temp
2009-11-01 23:12:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-01 18:41:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-31 07:47:33 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-10-31 07:38:25 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2009-10-31 07:28:33 ----D---- C:\WINDOWS\system32\config
2009-10-31 07:28:08 ----D---- C:\WINDOWS\system32\wbem
2009-10-31 07:24:49 ----D---- C:\WINDOWS\system32\Restore
2009-10-30 15:21:49 ----D---- C:\WINDOWS\Help
2009-10-22 03:19:04 ----N---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-11-17 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-11-17 25160]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010003};PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms []
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ActivHidSerMini;Promethean Serial Board Driver; C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2007-09-12 54016]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 prmvmouse;Promethean HID Mouse Service; C:\WINDOWS\system32\DRIVERS\activmouse.sys []
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-09 162816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-08-17 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-11-17 723632]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-08-17 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-08-17 352920]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

by **shinybeast** » November 21st, 2009, 6:07 pm

Hi danj10472,

The ESET scan found something suspicious.

Upload file for scanning

Please visit Virus Total
Click the Browse button below Upload a File.
Copy and paste the file and path below into the File Name box and click Open
C:\Documents and Settings\HP_Administrator\Local Settings\temp\770EC974.nbp
Click Send File and wait for the scanning to complete
When "Current Status:" changes to Finished, click Compact above the report
Note: If the file has already been analysed, please click Reanalyse file now and when it is finished, click Compact above the report.
In the new window that pops up, copy all the info (right-click > select all, right-click > copy) and paste it in your next reply.

by **danj10472** » November 22nd, 2009, 7:52 am

Here's the results. Thanks again, Shinybeast.

File 770EC974.nbp received on 2009.11.22 11:48:56 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.41 2009.11.22 Trojan-Dropper.Delf!IK
AhnLab-V3 5.0.0.2 2009.11.20 Win-Trojan/Xema.variant
AntiVir 7.9.1.72 2009.11.20 BDS/Delf.lhl
Antiy-AVL 2.0.3.7 2009.11.20 Backdoor/Win32.Delf.gen
Authentium 5.2.0.5 2009.11.21 W32/Backdoor2.CXWM
Avast 4.8.1351.0 2009.11.22 -
AVG 8.5.0.425 2009.11.22 BackDoor.Generic10.EJR
BitDefender 7.2 2009.11.22 Backdoor.Agent.ZYT
CAT-QuickHeal 10.00 2009.11.21 Backdoor.Delf.lhl
ClamAV 0.94.1 2009.11.22 -
Comodo 2996 2009.11.22 Backdoor.Win32.Delf.lhl
DrWeb 5.0.0.12182 2009.11.22 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7133 2009.11.20 -
F-Prot 4.5.1.85 2009.11.21 W32/Backdoor2.CXWM
F-Secure 9.0.15370.0 2009.11.20 Backdoor.Agent.ZYT
Fortinet 3.120.0.0 2009.11.22 W32/Delf.LHL!tr.bdr
GData 19 2009.11.22 Backdoor.Agent.ZYT
Ikarus T3.1.1.74.0 2009.11.22 Trojan-Dropper.Delf
Jiangmin 11.0.800 2009.11.22 Backdoor/Delf.ila
K7AntiVirus 7.10.901 2009.11.20 Backdoor.Win32.Delf
Kaspersky 7.0.0.125 2009.11.22 Backdoor.Win32.Delf.lhl
McAfee 5809 2009.11.21 Generic BackDoor
McAfee+Artemis 5809 2009.11.21 Generic BackDoor
McAfee-GW-Edition 6.8.5 2009.11.21 Heuristic.BehavesLike.Win32.Backdoor.C
Microsoft 1.5302 2009.11.22 Trojan:Win32/Trufip!rts
NOD32 4627 2009.11.21 probably a variant of Win32/Delf
Norman 6.03.02 2009.11.21 W32/Delf.CWAA
nProtect 2009.1.8.0 2009.11.22 Backdoor/W32.Agent.166912.C
Panda 10.0.2.2 2009.11.21 Bck/Agent.KCP
PCTools 7.0.3.5 2009.11.21 Backdoor.Delf.kkc
Prevx 3.0 2009.11.22 -
Rising 22.22.06.04 2009.11.22 -
Sophos 4.47.0 2009.11.22 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.11.21 Trojan.Win32.Generic!BT
Symantec 1.4.4.12 2009.11.22 -
TheHacker 6.5.0.2.075 2009.11.20 -
TrendMicro 9.0.0.1003 2009.11.22 -
VBA32 3.12.12.0 2009.11.22 Backdoor.Win32.Delf.lhl
ViRobot 2009.11.20.2047 2009.11.20 Backdoor.Win32.Delf.166912
VirusBuster 5.0.21.0 2009.11.21 Backdoor.Delf.CDEY
Additional information
File size: 166912 bytes
MD5...: 8bb4af81ee5dc58ba8451665a3efed64
SHA1..: 2141a8ee72030dd389782c59f268bbbce71eccb2
SHA256: d7c3b5c6abf7fdfd93179b4c309b7a903f0919aeb798c4944346df707cc5b8e6
ssdeep: 3072:QHLeH5LI+oJPJ2dwdaxMLVIzL9RfFcsR5IZdVuaqRpDhDmu2e:u6SZdaxzX LfWojnBBL 
PEiD..: -
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x6a570 timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x42000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x43000 0x28000 0x27800 7.91 bbc16f4088dff8ef039574f6131c927a .rsrc 0x6b000 0x1000 0x1000 3.62 13d1799bfe82ce9bb203ed6cf60fe514 ( 8 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress > advapi32.dll: RegCloseKey > comctl32.dll: ImageList_Add > gdi32.dll: SaveDC > ole32.dll: CoInitialize > oleaut32.dll: VarNot > shell32.dll: SHGetPathFromIDListA > user32.dll: GetDC ( 7 exports ) nbEditAction, nbExecAction, nbInitPlugIn, nbMessage, nbRegisterInterfaceAccess, nbRegisterPlugIn, nbRegisterScriptProcessor 
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: UPX compressed Win32 Executable (42.6%) Win32 EXE Yoda's Crypter (37.0%) Win32 Executable Generic (11.8%) Win16/32 Executable Delphi generic (2.8%) Generic Win/DOS Executable (2.7%)
sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned 
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=8bb4af81ee5dc58ba8451665a3efed64' target='_blank'>http://www.threatexpert.com/report.aspx?md5=8bb4af81ee5dc58ba8451665a3efed64</a>
packers (F-Prot): UPX
packers (Authentium): UPX
packers (Antiy-AVL): UPX 0.89.6 - 1.02 / 1.05 - 1.22 DLL

by **shinybeast** » November 23rd, 2009, 11:28 am

Hi danj10472,

Thanks again, Shinybeast.

Your welcome. I'm happy to help.

That definitely looks like a malicious file. I cannot tell if it has gotten a foothold though. So, we need to do the following to check.

TFC(Temp File Cleaner)

Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program. (It should still be on your desktop. If not see this post for link.)
If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

We need to repeat the online scan. This time it shouldn't take quite as long.

ESET Online Scanner

Note: You will need to disable your Anti-Virus, how to do so can be read here.

Please go here then click on:
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply, please include:
the ESET log
a new RSIT log.txt (Double-click RSIT.exe and click Continue)

by **danj10472** » November 23rd, 2009, 11:00 pm

Here you go.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9333423ef10f464ea0ab625918b6b6c7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-20 12:40:50
# local_time=2009-11-19 06:40:50 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 186180 186180 0 0
# compatibility_mode=769 16775141 100 98 0 194034658 0 0
# compatibility_mode=3073 16777213 80 89 0 96852 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=108993
# found=3
# cleaned=0
# scan_time=9746
C:\Documents and Settings\HP_Administrator\Local Settings\temp\770EC974.nbp probably a variant of Win32/Delf trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.PY virus 00000000000000000000000000000000 I
${Memory} probably a variant of Win32/Delf trojan 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9333423ef10f464ea0ab625918b6b6c7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-11-24 02:23:00
# local_time=2009-11-23 08:23:00 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 538090 538090 0 0
# compatibility_mode=769 16775141 100 98 0 194386568 0 0
# compatibility_mode=3073 16777213 80 89 0 448762 0 0
# compatibility_mode=8192 67108863 100 0 269263 269263 0 0
# scanned=109128
# found=3
# cleaned=0
# scan_time=9566
C:\Documents and Settings\HP_Administrator\Local Settings\temp\7712D7EF.nbp probably a variant of Win32/Delf trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.PY virus 00000000000000000000000000000000 I
${Memory} probably a variant of Win32/Delf trojan 00000000000000000000000000000000 I

************************************************

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-11-23 20:55:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 182 GB (79%) free of 229 GB
Total RAM: 1982 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:41 PM, on 11/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\parentalcontrol\parentalcontrol.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
C:\Program Files\MiniMind\MiniMind.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Parental Control Toolbar - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PCDrSmartMonitor] "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
O4 - HKLM\..\Run: [parentalcontrol] "C:\Program Files\parentalcontrol\parentalcontrol.exe" "C:\Program Files\parentalcontrol\parentalcontrol.dll" "parentalcontrol"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Instant Memory Cleaner.lnk = C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
O4 - Startup: MiniMinder.lnk = C:\Program Files\MiniMind\MiniMind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.passalong.com/Music/install/ ... nstall.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8942.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag4421.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax4421.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10743 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Spybot - Search & Destroy.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Toolbar Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931}]
Parental Control Toolbar - C:\PROGRA~1\PARENT~1\PARENT~1.DLL [2006-08-31 3078336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-11 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-03-18 2554944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll [2008-08-02 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-04 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - Parental Control Toolbar - C:\PROGRA~1\PARENT~1\PARENT~1.DLL [2006-08-31 3078336]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-03-18 2554944]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-07 16010240]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=nwiz.exe /install []
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2005-01-12 241664]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"PCDrSmartMonitor"=C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe [2006-02-01 360448]
"parentalcontrol"=C:\Program Files\parentalcontrol\parentalcontrol.exe [2006-08-31 36544]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-08-17 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-11-17 1800464]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-12 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
Instant Memory Cleaner.lnk - C:\Program Files\Instant Memory Cleaner\Instant Memory Cleaner.exe
MiniMinder.lnk - C:\Program Files\MiniMind\MiniMind.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-19 15:55:51 ----D---- C:\Program Files\ESET
2009-11-18 21:51:04 ----A---- C:\WINDOWS\customizer.ini
2009-11-18 17:53:57 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-18 17:38:31 ----A---- C:\ComboFix.txt
2009-11-18 17:09:12 ----A---- C:\WINDOWS\zip.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\SWSC.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\SWREG.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\sed.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\PEV.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\MBR.exe
2009-11-18 17:09:12 ----A---- C:\WINDOWS\grep.exe
2009-11-18 17:08:44 ----D---- C:\WINDOWS\ERDNT
2009-11-18 17:08:19 ----AD---- C:\Qoobox
2009-11-17 08:56:17 ----D---- C:\rsit
2009-11-14 10:53:52 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-11 21:09:13 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-11 21:09:13 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-11 21:09:13 ----A---- C:\WINDOWS\system32\java.exe
2009-11-11 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-06 21:58:06 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-11-06 21:57:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-06 21:57:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-06 21:15:24 ----D---- C:\Program Files\Trend Micro
2009-11-04 18:39:31 ----A---- C:\WINDOWS\imsins.BAK
2009-10-31 07:42:08 ----D---- C:\Program Files\COMODO

======List of files/folders modified in the last 1 months======

2009-11-23 19:24:30 ----D---- C:\WINDOWS\Temp
2009-11-23 17:47:22 ----D---- C:\WINDOWS\Prefetch
2009-11-23 17:46:56 ----D---- C:\Program Files\Avast4
2009-11-23 17:39:32 ----D---- C:\Program Files\Mozilla Firefox
2009-11-23 17:39:21 ----D---- C:\WINDOWS\system32
2009-11-23 17:39:21 ----D---- C:\WINDOWS\Registration
2009-11-23 17:39:17 ----D---- C:\WINDOWS
2009-11-23 17:39:14 ----SD---- C:\WINDOWS\Tasks
2009-11-23 17:39:12 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-23 17:38:57 ----D---- C:\WINDOWS\system32\Lang
2009-11-23 17:37:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-23 16:03:32 ----D---- C:\Program Files\Mozilla Thunderbird
2009-11-23 06:46:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-11-19 15:55:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-19 15:55:51 ----D---- C:\Program Files
2009-11-18 21:49:31 ----D---- C:\Program Files\MiniMind
2009-11-18 21:49:22 ----SD---- C:\WINDOWS\Fonts
2009-11-18 18:28:36 ----HD---- C:\WINDOWS\inf
2009-11-18 18:16:52 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-18 17:38:38 ----D---- C:\WINDOWS\system32\drivers
2009-11-18 17:33:10 ----A---- C:\WINDOWS\system.ini
2009-11-18 17:25:42 ----D---- C:\WINDOWS\AppPatch
2009-11-18 17:25:38 ----D---- C:\Program Files\Common Files
2009-11-18 16:52:47 ----SHD---- C:\WINDOWS\Installer
2009-11-18 16:52:38 ----D---- C:\Program Files\Java
2009-11-18 16:46:28 ----D---- C:\Program Files\Lavasoft
2009-11-17 14:04:18 ----A---- C:\WINDOWS\system32\guard32.dll
2009-11-11 03:01:14 ----D---- C:\WINDOWS\Debug
2009-11-11 03:00:52 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-11 00:12:01 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-06 20:18:18 ----AD---- C:\WINDOWS\CREATOR
2009-11-06 19:43:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-06 19:25:16 ----D---- C:\WINDOWS\system32\FxsTmp
2009-11-05 11:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-04 18:39:25 ----D---- C:\WINDOWS\ie8updates
2009-11-02 05:53:50 ----D---- C:\WINDOWS\Minidump
2009-11-01 23:20:43 ----D---- C:\temp
2009-11-01 23:12:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-01 18:41:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-31 07:47:33 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-10-31 07:38:25 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2009-10-31 07:28:33 ----D---- C:\WINDOWS\system32\config
2009-10-31 07:28:08 ----D---- C:\WINDOWS\system32\wbem
2009-10-31 07:24:49 ----D---- C:\WINDOWS\system32\Restore
2009-10-30 15:21:49 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-11-17 132808]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-11-17 25160]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010003};PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms []
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ActivHidSerMini;Promethean Serial Board Driver; C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2007-09-12 54016]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 prmvmouse;Promethean HID Mouse Service; C:\WINDOWS\system32\DRIVERS\activmouse.sys []
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-09 162816]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Avast4\ashServ.exe [2009-08-17 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-11-17 723632]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Free Malware Removal Forum

Need help with possible virus, cannot boot into safe mode

Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Re: Need help with possible virus, cannot boot into safe mode

Who is online