Adspyware Popups, INDEX.BR, FSfolder access denied, HD spinning
Because of other issues I couldn't respond right away and was offline while receiving surgery.
My PC stopped the INDEX BTR a couple of weeks ago when I unchecked the properties to not be readable and deleted it.
Still, my PC has been randomly shutting off and coming back to F8 mode. I tried Sys Restore but it couldn't be restored.
HP did an online hardware analysis that said all systems were good except my hard drive couldn't code and may need to be replaced, but that IF I had any new update downloads that failed that I should remove them.
I did a recent Windows Update & it said Framework 2.0, which had failed, so MS Tech helped me remove Framework 2.0 with one of their tools. As I have Framework 1.1, 3.0 & 3.5, they said to leave those.
My PC works, but then an email from a friend included a Glacier_bkgrd.jpg that, when opened in my art program, revealed a blinking line [which my PhotoImpression never had a moving pic before]. My PC shut down and I restarted it. I contacted my friend to find they didn't send it to me when I inquired about the jpg, so I knew I was in trouble. I ran AVG but it showed no problems. A little while later my AVG showed my email was no longer protected.
I tried to update the AVG to correct the email scanning but it wouldn't.
My PC over the next few hours began to delay printing on screen, flash and turn off and restart. I removed the Glacier_b and did a search online to see this has been circulating since 2000 and no one spoke of it as a virus but as a download that failed to initialize, and some wrote about subsequent PC problems.
I ran a full scan with AVG and also ran Spybot but no results.
I downloaded Combo Fix and went to the MS website to download the tool and dragged it into Combo Fix and then ran it.
While running Combo Fix one window popped up saying a threat was being removed, so I hope that was it.
Here is the Notepad of the Combo Fix log and below it is the Notepad of the Hijack this log. As I have just done this, I do not know if and what else needs to be done nor how my PC will be working [hopefully better].
Thank you in advance for your continued assistance,
Ave
I never saw anything about recovery console but it ran through and here is the report:
ComboFix 08-06-06.6 - HP_Owner 2008-06-07 9:40:05.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.555 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\Downloaded Program Files\setup.inf
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Legacy_NWSAPAGENT
-------\Service_Iprip
-------\Service_NwSapAgent
((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.
2008-06-07 09:34 . 2008-06-07 09:34 <DIR> d-------- C:\Program Files\Microsoft Diagnostics and Recovery Toolset
2008-06-06 18:43 . 2008-06-06 18:43 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-06 18:21 . 2004-08-12 00:09 <DIR> d-------- C:\Documents and Settings\Administrator.AVEHURLEY.000\WINDOWS
2008-06-06 18:21 . 2008-06-06 18:21 <DIR> d-------- C:\Documents and Settings\Administrator.AVEHURLEY.000
2008-06-06 13:49 . 2008-06-06 13:49 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-06-06 13:48 . 2008-06-06 13:48 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-06-03 06:49 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-06-03 06:28 . 2008-06-03 06:31 331,805,736 --a------ C:\Documents and Settings\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-06-02 19:43 . 2008-06-02 19:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-02 19:20 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-06-02 19:19 . 2004-08-04 08:00 457,607 -----c--- C:\WINDOWS\system32\dllcache\mdlib.wmv
2008-06-02 19:18 . 2008-04-13 20:12 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-06-02 19:13 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-06-02 13:41 . 2008-06-02 13:41 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\PeerNetworking
2008-06-02 06:19 . 2008-06-02 06:19 <DIR> d-------- C:\WINDOWS\system32\zh-cn
2008-06-02 06:19 . 2008-06-02 06:19 <DIR> d-------- C:\WINDOWS\system32\pt-br
2008-06-02 06:19 . 2008-06-02 06:19 <DIR> d-------- C:\WINDOWS\system32\bg-bg
2008-06-02 06:19 . 2008-06-02 06:19 <DIR> d-------- C:\WINDOWS\system32\ar-sa
2008-06-02 06:17 . 2008-06-02 06:17 <DIR> d-------- C:\WINDOWS\system32\tr-tr
2008-06-01 14:03 . 2008-06-01 14:03 98,968 --a------ C:\Documents and Settings\Overview of Windows XP Service Pack 3.docx
2008-05-29 15:29 . 2008-05-29 15:29 <DIR> d-------- C:\WINDOWS\Speeditup Free
2008-05-29 15:29 . 2008-05-29 16:10 <DIR> d-------- C:\Program Files\Yahoo!
2008-05-29 15:29 . 2008-05-29 15:44 <DIR> d-------- C:\Program Files\Speeditup Free
2008-05-29 15:13 . 2008-05-29 15:13 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2008-05-28 20:21 . 2008-05-28 20:21 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Windows Desktop Search
2008-05-28 20:18 . 2008-05-28 20:18 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-05-28 18:41 . 2008-05-28 18:41 <DIR> d-------- C:\WINDOWS\Performance
2008-05-28 18:40 . 2008-05-30 22:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-05-26 23:52 . 2008-05-26 23:52 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\MSN6
2008-05-26 17:00 . 2008-05-26 17:00 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-26 17:00 . 2008-05-26 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-26 06:10 . 2008-05-26 06:10 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-26 06:10 . 2008-05-26 06:10 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-26 06:08 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-05-26 05:15 . 2008-06-01 14:14 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AVGTOOLBAR
2008-05-26 05:15 . 2008-05-26 05:15 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-26 05:15 . 2008-05-26 05:15 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-05-26 05:08 . 2008-05-26 05:08 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-05-26 05:08 . 2008-05-26 05:08 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-05-26 01:23 . 2008-06-07 09:41 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-25 21:27 . 2008-05-25 21:29 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-24 16:38 . 2008-05-24 16:38 <DIR> d-------- C:\Documents and Settings\HP_Owner\Contacts
2008-05-24 16:38 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-05-24 16:35 . 2008-05-24 16:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-20 00:28 . 2008-05-20 00:28 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Snapfish
2008-05-20 00:03 . 2008-05-20 00:12 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\HP
2008-05-19 23:49 . 2005-10-21 19:58 49,920 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-19 23:49 . 2005-10-21 19:58 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-19 23:47 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.1
2008-05-19 23:44 . 2008-05-20 00:03 117,931 --a------ C:\WINDOWS\hpoins11.dat
2008-05-19 21:56 . 2008-04-13 14:39 14,592 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-19 21:56 . 2008-04-13 14:39 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-19 21:29 . 2006-01-03 13:12 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2008-05-19 21:29 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
2008-05-19 21:28 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-19 21:28 . 2008-04-13 14:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-19 18:27 . 2008-05-19 18:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Leadertech
2008-05-19 17:50 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll
2008-05-18 21:52 . 2008-06-06 18:18 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\mjusbsp
2008-05-18 21:47 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-18 21:47 . 2008-04-14 00:15 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-18 21:45 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-18 21:45 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-18 07:11 . 2008-05-18 07:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Flickr
2008-05-18 07:10 . 2008-05-18 07:11 <DIR> d-------- C:\Program Files\Flickr Uploadr
2008-05-13 15:49 . 2008-06-04 17:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-05-13 03:15 . 2008-05-13 03:15 48,032 --a------ C:\WINDOWS\system32\uninst.exe
2008-05-11 12:41 . 2008-05-11 12:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-05-11 12:41 . 2008-05-11 12:41 <DIR> d-------- C:\Documents and Settings\Owner
2008-05-11 11:58 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-05-11 11:58 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-05-11 11:58 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-05-11 11:58 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-05-11 11:58 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-05-11 11:58 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-05-11 11:58 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-05-11 11:58 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-05-11 02:07 . 2008-05-11 02:07 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-11 02:03 . 2008-06-02 19:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-11 01:58 . 2008-06-03 06:47 <DIR> d-------- C:\WINDOWS\EHome
2008-05-11 01:56 . 2008-05-11 01:56 <DIR> d-------- C:\PRELOAD
2008-05-11 01:56 . 2008-05-11 01:56 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft
2008-05-11 01:01 . 2003-12-17 16:58 82,888 --a------ C:\WINDOWS\system32\drivers\swld23u.sys
2008-05-11 01:01 . 2003-12-15 18:14 53,690 --a------ C:\WINDOWS\system32\drivers\swlubtl.sys
2008-05-11 00:46 . 2008-05-11 02:15 <DIR> d-------- C:\WINDOWS\system32\Samsung
2008-05-11 00:46 . 2008-05-11 02:15 <DIR> d-------- C:\Program Files\Netopia
2008-05-11 00:46 . 2003-08-27 23:43 229,376 --a------ C:\WINDOWS\system32\swlpu.dll
2008-05-11 00:46 . 2003-06-20 11:51 122,880 --------- C:\WINDOWS\system32\PResGer.dll
2008-05-11 00:46 . 2003-06-20 11:51 122,880 --------- C:\WINDOWS\system32\PResFre.dll
2008-05-11 00:46 . 2003-11-04 14:37 68,224 --------- C:\WINDOWS\system32\drivers\swld23.sys
2008-05-11 00:46 . 2003-06-20 11:52 40,960 --------- C:\WINDOWS\system32\PResKor.dll
2008-05-11 00:46 . 2003-06-20 11:50 36,864 --------- C:\WINDOWS\system32\PResEng.dll
2008-05-11 00:46 . 2003-05-15 08:32 13,056 --------- C:\WINDOWS\system32\drivers\PRT1XW2K.SYS
2008-05-10 18:56 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-10 18:56 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-10 11:08 . 2008-04-13 14:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-05-10 11:08 . 2008-04-13 14:45 172,416 --a--c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2008-05-10 11:07 . 2008-04-13 12:39 142,592 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-05-10 11:07 . 2008-04-13 12:39 142,592 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys
2008-05-10 10:52 . 2005-05-10 16:18 37,376 --a------ C:\WINDOWS\system32\hpz3l3xt.dll
2008-05-10 10:50 . 2008-04-13 14:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-10 10:50 . 2008-04-13 14:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-05-10 10:50 . 2008-05-10 10:50 79 --a------ C:\WINDOWS\hpdj9800.his
2008-05-10 10:40 . 2008-05-10 10:43 92 --a------ C:\WINDOWS\hpdj9800.bu2
2008-05-10 10:40 . 2008-05-10 10:40 79 --a------ C:\WINDOWS\hpdj9800.hi2
2008-05-10 09:52 . 2008-06-07 09:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-10 09:52 . 2008-05-11 02:13 <DIR> d-------- C:\Program Files\AVG
2008-05-10 09:52 . 2008-05-26 05:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-10 09:52 . 2008-05-10 09:52 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-10 09:52 . 2008-05-10 09:52 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-10 08:05 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-05-10 08:00 . 2008-05-26 06:10 <DIR> d-------- C:\Program Files\MSBuild
2008-05-10 07:51 . 2008-05-10 07:59 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-05-10 07:49 . 2008-05-28 01:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 07:48 . 2008-05-11 02:06 <DIR> dr-h----- C:\MSOCache
2008-05-10 04:56 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-10 04:56 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-10 04:56 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-10 04:56 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-10 04:56 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-10 04:56 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-10 04:55 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-10 04:55 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-10 04:55 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-10 04:34 . 2008-06-02 19:48 <DIR> d-------- C:\WINDOWS\system32\scripting
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 12:23 --------- d---a-w C:\Program Files\PC-Doctor for Windows
2008-06-06 22:22 --------- d-----w C:\Program Files\Pandora Recovery
2008-06-06 17:48 --------- d-----w C:\Program Files\MSECache
2008-06-02 23:53 98,304 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\PluginCtrl.dll
2008-06-02 23:53 315,392 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\pchmsxml.dll
2008-06-02 23:53 3,072 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\pchealthde.exe
2008-06-02 23:53 213,089 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\jsharpde\motive.zip
2008-06-02 23:53 139,264 ----a-w C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBF4Duet\plugin\bin\ContentUpdater.exe
2008-06-02 17:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-01 18:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 02:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 02:03 --------- d-----w C:\Program Files\Symantec
2008-05-31 02:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-29 00:41 --------- d-----w C:\Program Files\Easy Internet signup
2008-05-27 22:07 --------- d-----w C:\Program Files\ArcSoft
2008-05-26 16:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-24 20:43 --------- d-----w C:\Program Files\Windows Live Favorites
2008-05-24 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-20 03:52 --------- d-----w C:\Program Files\HP
2008-05-20 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-05-19 01:57 --------- d-----w C:\Program Files\Java
2008-05-17 08:41 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-05-13 19:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-11 06:10 --------- d-----w C:\Program Files\Microsoft Works
2008-05-10 00:38 3,885 ----a-w C:\WINDOWS\viassary-hp.reg
2008-05-08 12:35 --------- d-----w C:\Documents and Settings\Ave\Application Data\mjusbsp
2008-05-08 03:07 --------- d-----w C:\Documents and Settings\Ave\Application Data\OpenOffice.org2
2008-05-08 03:06 --------- d-----w C:\Documents and Settings\Ave\Application Data\AVG7
2008-05-01 20:17 --------- d-----w C:\Program Files\Delcampe Toolbar
2008-04-26 00:25 --------- d-----w C:\Documents and Settings\Ave\Application Data\Template
2008-04-18 01:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 04:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 04:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-14 04:15 60,160 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
2008-04-14 04:15 49,408 ----a-w C:\WINDOWS\system32\drivers\stream.sys
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2003-01-13 15:20 278,528 ------w C:\Program Files\internet explorer\plugins\PanoViewer.dll
1999-04-30 20:00 98,304 ------w C:\Program Files\internet explorer\plugins\UPjpeg.dll
2007-12-22 13:08 30,720 --sha-w C:\WINDOWS\rnapxs\rnapxs.dat
2008-03-04 14:46 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-26 05:15 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-26 05:15 2051328]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"cdloader"="C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\cdloader2.exe" [2007-12-21 10:39 50520]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe" [2007-10-05 03:32 75256]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 21:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 21:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-11 23:52 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-04-21 21:28 286720]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-26 05:14 1177368]
"HPWQTOOLBOX"="C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe" [2005-06-03 06:18 335872]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-12 00:08 98304]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-17 13:05 64000]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
C:\Documents and Settings\Administrator.AVEHURLEY\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-08-12 00:15:52 36864]
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-12 00:20:09 16423]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\PC-Doctor for Windows\\Pcdrw32.exe"=
"C:\\WINDOWS\\SMINST\\INSTALL_APP.EXE"=
"C:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"C:\\Program Files\\Microsoft Works\\wkpdfsnf.exe"=
"C:\\Program Files\\Hewlett-Packard\\hp deskjet 9600 series\\Toolbox\\HPWITBX.exe"=
"C:\\WINDOWS\\CREATOR\\CD Creator.exe"=
"C:\\hp\\support\\HPSysInfo.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\WINDOWS\\CREATOR\\ToolsCDLauncher.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Product Assistant\\bin\\hprbui.exe"=
"C:\\Program Files\\Pandora Recovery\\PandoraRecovery.exe"=
"C:\\Program Files\\Microsoft Works\\WksWP.exe"=
"C:\\WINDOWS\\system32\\Restore\\rstrui.exe"=
"C:\\Program Files\\ArcSoft\\PhotoImpression 4\\PhotoImpression.exe"=
"C:\\Program Files\\CA\\CA Internet Security Suite\\caisstutorial.exe"=
"C:\\hp\\recovery\\wizard\\SWR_Wizard.exe"=
"C:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"C:\\Program Files\\Windows Live\\Photo Gallery\\WLXPhotoGallery.exe"=
"C:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphver06.exe"=
"C:\\Documents and Settings\\HP_Owner\\Application Data\\mjusbsp\\magicJack.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-26 05:15]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-10 09:52]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-26 05:15]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-05-26 05:14]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-26 05:15]
R2 prt1xw2k;SEM 11 Mbps Wireless Card NDIS Interface;C:\WINDOWS\system32\drivers\prt1xw2k.sys [2003-05-15 08:32]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-26 05:08]
R3 SWLD23U;Netopia 802.11b WLAN USB Adapter;C:\WINDOWS\system32\DRIVERS\SWLD23U.sys [2003-12-17 16:58]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-05-26 05:08]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2008-04-13 20:12]
S3 swlubtl;WLAN USB Boot Device;C:\WINDOWS\system32\Drivers\swlubtl.sys [2003-12-15 18:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
"2008-06-02 20:06:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-07 13:32:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-07 06:03:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-07 14:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{A0A34368-5366-403D-A519-7A8315B419CB}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-06-07 14:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B2FA4AD6-E583-4CA9-89AF-FA270D6B2B48}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-06-07 14:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D52A953A-0C01-43E7-9FD8-C47487EA1CD9}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 09:50:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-06-07 10:01:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 14:01:33
Pre-Run: 9,494,487,040 bytes free
Post-Run: 9,756,495,872 bytes free
398 --- E O F --- 2008-05-10 07:00:11
Then I ran the Hijack this and here is that log:
Logfile of HijackThis v1.99.1
Scan saved at 10:07:26 AM, on 6/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_14\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HPWQTOOLBOX] C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "-i"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_14\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0398895171
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe