Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help hijackthis report included

Post by Striefsky2 » December 3rd, 2008, 5:34 pm

:( Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:33 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1132930441\ee\AOLSoftware.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\LimeWire\2\LimeWire.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {C3F50901-871A-4650-85D8-9D53E2534A3B} - C:\Program Files\Pink Ribbon Toolbar\SearchHook.dll (file missing)
O3 - Toolbar: Pink Ribbon Toolbar - {68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ ... brkpie.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter hijack: text/html - {97b297d0-252c-45c2-84ac-ae96c0663115} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: jspmmt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10410 bytes


My computer is running very slow although I only have 28 gigabytes used on my hard drive and 150 free.
I downloaded Spyware Doctor and Spybot Search and Destroy, but my computer still isn't running correctly.
Striefsky2

Re: Help hijackthis report included

Post by davis » December 3rd, 2008, 6:33 pm

Hi Striefsky2,


Welcome to MRU. My name is davis. I will be helping you to fix your malware problems.
If your issues have been resolved or you have already received help elsewhere, then please let us know. If not, and you still need help, please follow the instructions below.


Step 1

Regarding Malware Removal's P2P Programs Policy, please uninstall the following program before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate LimeWire and click on the Change/Remove button to uninstall it.
  3. Close Add/Remove Programs and Control Panel when done.

Step 2

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:

1. RSIT log.txt and info.txt. Thanks.
davis

Re: Help hijackthis report included

Post by Striefsky2 » December 4th, 2008, 2:33 pm

Hi, thanks for helping me out so far. Here are those reports below.

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-12-04 13:29:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 154 GB (84%) free of 183 GB
Total RAM: 958 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:06 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {C3F50901-871A-4650-85D8-9D53E2534A3B} - C:\Program Files\Pink Ribbon Toolbar\SearchHook.dll (file missing)
O2 - BHO: (no name) - {1987E48B-B54B-4F20-8149-432F4154FBF3} - (no file)
O2 - BHO: (no name) - {21DE86F0-758C-4C9D-81B6-6B76FF59B3DF} - C:\WINDOWS\system32\mlJCVnon.dll (file missing)
O2 - BHO: (no name) - {3AE90E7D-E6BB-4246-81CA-A9727A5897AF} - C:\WINDOWS\system32\ssqPgecd.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\khfCtrRK.dll
O2 - BHO: {f158a91b-fa60-53fa-5a34-50540dfcd96f} - {f69dcfd0-4505-43a5-af35-06afb19a851f} - C:\WINDOWS\system32\wkfiyh.dll
O3 - Toolbar: Pink Ribbon Toolbar - {68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ ... brkpie.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter hijack: text/html - {97b297d0-252c-45c2-84ac-ae96c0663115} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: jspmmt.dll
O20 - Winlogon Notify: khfCtrRK - C:\WINDOWS\SYSTEM32\khfCtrRK.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12109 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - karen.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1987E48B-B54B-4F20-8149-432F4154FBF3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21DE86F0-758C-4C9D-81B6-6B76FF59B3DF}]
C:\WINDOWS\system32\mlJCVnon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AE90E7D-E6BB-4246-81CA-A9727A5897AF}]
C:\WINDOWS\system32\ssqPgecd.dll [2008-11-21 318464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}]
C:\WINDOWS\system32\khfCtrRK.dll [2008-11-19 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f69dcfd0-4505-43a5-af35-06afb19a851f}]
C:\WINDOWS\system32\wkfiyh.dll [2008-12-03 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - Pink Ribbon Toolbar - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-09-19 180269]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotSnD"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 4891472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe [2007-04-12 42032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0\AOL.EXE [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
C:\Program Files\Common Files\AOL\1132930441\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-02-23 144896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-06-08 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-05-03 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]
C:\Program Files\FilmLoop Player\FilmLoopService.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1132930441\ee\AOLSoftware.exe [2007-04-12 42032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-10 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-05-04 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\mcafee.com\antivirus\oasclnt.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\WINDOWS\sm56hlpr.exe [2005-01-24 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
C:\Program Files\Common Files\AOL\1132930441\ee\SSCRun.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-09-19 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MEMonitor.lnk]
C:\PROGRA~1\SPRINT~1\MEMONI~1.EXE -m []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="jspmmt.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-08 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfCtrRK]
C:\WINDOWS\system32\khfCtrRK.dll [2008-11-19 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A63E645F-13BD-45ED-B15F-6E8C1BD57279}"=C:\WINDOWS\system32\khfCtrRK.dll [2008-11-19 25600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ssqPgecd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BackupNoCDBurning"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\WINDOWS\system32\lxcgcoms.exe"="C:\WINDOWS\system32\lxcgcoms.exe:*:Enabled:2300 Series"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\LimeWire\2\LimeWire.exe"="C:\Program Files\LimeWire\2\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d1-5dc1-11da-a79d-0013d4d1db9e}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d2-5dc1-11da-a79d-0013d4d1db9e}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64a09d47-6ce7-11da-a7a7-00038a000015}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2379a92-6bdc-11da-a7a6-00038a000015}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9ad870a-5c72-11da-a798-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-12-04 13:29:45 ----D---- C:\rsit
2008-12-03 21:45:23 ----ASH---- C:\WINDOWS\system32\dcegPqss.ini2
2008-12-03 20:16:22 ----A---- C:\WINDOWS\system32\73b7a070-.txt
2008-12-03 16:23:38 ----D---- C:\Program Files\Trend Micro
2008-12-03 16:00:49 ----SH---- C:\WINDOWS\system32\clhskjbw.ini
2008-12-03 16:00:38 ----A---- C:\WINDOWS\system32\wbjkshlc.dll
2008-12-03 15:55:15 ----A---- C:\WINDOWS\system32\wkfiyh.dll
2008-12-03 15:55:11 ----A---- C:\WINDOWS\system32\thsqjkwk.dll
2008-12-03 15:17:52 ----A---- C:\WINDOWS\system32\SSSensor.dll
2008-12-03 15:14:31 ----D---- C:\Program Files\Sygate
2008-12-03 12:18:42 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AVGTOOLBAR
2008-12-03 12:16:06 ----D---- C:\Program Files\AVG
2008-12-03 12:16:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-03 12:05:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-02 15:59:16 ----ASH---- C:\WINDOWS\system32\iqffvbwm.ini
2008-12-02 15:59:03 ----A---- C:\WINDOWS\system32\mwbvffqi.dll
2008-12-02 15:54:17 ----A---- C:\WINDOWS\system32\jspmmt.dll
2008-12-02 15:52:32 ----A---- C:\WINDOWS\system32\ndxselxv.dll
2008-12-02 15:31:21 ----A---- C:\WINDOWS\system32\jobgdd.dll
2008-12-02 15:31:20 ----A---- C:\WINDOWS\system32\nofqpmyf.dll
2008-12-02 15:30:32 ----ASH---- C:\WINDOWS\system32\dtbqjauf.ini
2008-12-02 15:30:24 ----A---- C:\WINDOWS\system32\fuajqbtd.dll
2008-12-02 15:13:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 15:13:32 ----D---- C:\Program Files\Spyware Doctor
2008-12-02 15:13:32 ----D---- C:\Documents and Settings\HP_Owner\Application Data\PC Tools
2008-12-01 15:53:40 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-12-01 15:28:53 ----A---- C:\WINDOWS\system32\qljjyx.dll
2008-12-01 15:28:51 ----A---- C:\WINDOWS\system32\cwjskjsg.dll
2008-12-01 15:25:42 ----ASH---- C:\WINDOWS\system32\ntxveveu.ini
2008-12-01 15:01:12 ----D---- C:\WINDOWS\Minidump
2008-11-30 13:10:36 ----ASH---- C:\WINDOWS\system32\svybwklk.ini
2008-11-30 13:10:35 ----A---- C:\WINDOWS\system32\klkwbyvs.dll
2008-11-30 13:09:01 ----A---- C:\WINDOWS\system32\expqtm.dll
2008-11-30 13:09:00 ----A---- C:\WINDOWS\system32\xphsltiq.dll
2008-11-29 11:04:33 ----A---- C:\WINDOWS\system32\ibuvje.dll
2008-11-29 11:04:32 ----A---- C:\WINDOWS\system32\qqmbkpif.dll
2008-11-29 11:01:33 ----ASH---- C:\WINDOWS\system32\yxxwnxgi.ini
2008-11-28 11:02:37 ----A---- C:\WINDOWS\system32\cmafue.dll
2008-11-28 11:02:35 ----A---- C:\WINDOWS\system32\ghblqfhh.dll
2008-11-28 10:59:36 ----ASH---- C:\WINDOWS\system32\lomswjca.ini
2008-11-27 11:02:36 ----ASH---- C:\WINDOWS\system32\vebyayyy.ini
2008-11-27 10:59:37 ----A---- C:\WINDOWS\system32\gqhwrw.dll
2008-11-27 10:59:35 ----A---- C:\WINDOWS\system32\trkwulst.dll
2008-11-26 10:59:36 ----ASH---- C:\WINDOWS\system32\flkloqoy.ini
2008-11-26 10:57:52 ----A---- C:\WINDOWS\system32\ugdttc.dll
2008-11-26 10:57:51 ----A---- C:\WINDOWS\system32\rwnnevvb.dll
2008-11-25 11:08:06 ----ASH---- C:\WINDOWS\system32\jglwheiu.ini
2008-11-25 10:56:03 ----A---- C:\WINDOWS\system32\gwqkys.dll
2008-11-25 10:56:02 ----A---- C:\WINDOWS\system32\atumjbij.dll
2008-11-24 14:41:29 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-24 10:57:45 ----ASH---- C:\WINDOWS\system32\wexlwsqx.ini
2008-11-24 10:57:45 ----A---- C:\WINDOWS\system32\xqswlxew.dll
2008-11-24 10:55:10 ----A---- C:\WINDOWS\system32\ccotkp.dll
2008-11-24 10:55:09 ----A---- C:\WINDOWS\system32\mrmxegpj.dll
2008-11-23 11:00:45 ----ASH---- C:\WINDOWS\system32\pdpmpudh.ini
2008-11-23 10:57:46 ----A---- C:\WINDOWS\system32\duthiu.dll
2008-11-23 10:57:44 ----A---- C:\WINDOWS\system32\qppfyqox.dll
2008-11-22 11:00:39 ----ASH---- C:\WINDOWS\system32\fmptyvlc.ini
2008-11-22 10:57:39 ----A---- C:\WINDOWS\system32\sninfjxh.dll
2008-11-22 10:57:39 ----A---- C:\WINDOWS\system32\hjavge.dll
2008-11-22 10:51:40 ----A---- C:\WINDOWS\system32\zjnfcz.dll
2008-11-22 10:51:40 ----A---- C:\WINDOWS\system32\ahypwrcx.dll
2008-11-22 08:18:40 ----ASH---- C:\WINDOWS\system32\idhqpjqu.ini
2008-11-21 10:48:59 ----A---- C:\WINDOWS\system32\peocke.dll
2008-11-21 10:48:58 ----A---- C:\WINDOWS\system32\fbkwfkdf.dll
2008-11-21 08:15:59 ----ASH---- C:\WINDOWS\system32\etnekqjn.ini
2008-11-21 07:06:49 ----ASH---- C:\WINDOWS\system32\dcegPqss.ini
2008-11-21 07:06:44 ----A---- C:\WINDOWS\system32\ssqPgecd.dll
2008-11-21 00:54:09 ----A---- C:\WINDOWS\system32\geBtUlLD.dll
2008-11-21 00:54:08 ----A---- C:\WINDOWS\system32\ddcBSKBU.dll
2008-11-20 22:21:43 ----ASH---- C:\WINDOWS\system32\nmuaqvlx.ini
2008-11-20 22:21:33 ----A---- C:\WINDOWS\system32\xlvqaumn.dll
2008-11-20 22:18:35 ----A---- C:\WINDOWS\system32\ucwjcy.dll
2008-11-20 22:18:33 ----A---- C:\WINDOWS\system32\yjcftfgn.dll
2008-11-19 22:18:32 ----A---- C:\WINDOWS\system32\eflsmf.dll
2008-11-19 22:18:31 ----A---- C:\WINDOWS\system32\xqbgxvnl.dll
2008-11-19 22:17:12 ----ASH---- C:\WINDOWS\system32\mgbelslw.ini
2008-11-19 22:09:58 ----A---- C:\WINDOWS\system32\yayaBQhF.dll
2008-11-19 22:09:58 ----A---- C:\WINDOWS\system32\khfCtrRK.dll
2008-11-19 22:09:54 ----A---- C:\WINDOWS\system32\msansspc.dll
2008-11-12 15:39:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 15:39:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 15:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-10 20:41:57 ----D---- C:\Program Files\Common
2008-11-06 22:24:36 ----A---- C:\WINDOWS\system32\mst120.dll

======List of files/folders modified in the last 1 months======

2008-12-04 13:29:43 ----D---- C:\WINDOWS\Prefetch
2008-12-04 13:28:46 ----D---- C:\Program Files\LimeWire
2008-12-04 12:57:18 ----D---- C:\Program Files\Mozilla Firefox
2008-12-04 11:24:44 ----D---- C:\WINDOWS\Temp
2008-12-03 21:45:23 ----D---- C:\WINDOWS\system32
2008-12-03 20:12:31 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 20:09:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-03 20:04:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 16:36:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-03 16:23:38 ----D---- C:\Program Files
2008-12-03 16:16:40 ----SHD---- C:\WINDOWS\Installer
2008-12-03 16:15:23 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2008-12-03 16:15:21 ----D---- C:\WINDOWS
2008-12-03 15:41:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 15:20:56 ----ASH---- C:\boot.ini
2008-12-03 15:20:55 ----A---- C:\WINDOWS\win.ini
2008-12-03 15:20:54 ----A---- C:\WINDOWS\system.ini
2008-12-03 15:20:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 12:11:06 ----D---- C:\WINDOWS\WinSxS
2008-12-03 12:05:51 ----D---- C:\Program Files\Common Files
2008-12-02 22:30:56 ----A---- C:\VETlog.txt
2008-12-02 21:35:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-02 21:27:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-02 19:28:20 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-02 19:28:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AOL
2008-12-02 19:15:47 ----D---- C:\Program Files\Common Files\AOL
2008-12-02 19:09:45 ----D---- C:\Program Files\AOL
2008-12-02 15:09:54 ----D---- C:\WINDOWS\Cursors
2008-12-02 15:09:31 ----D---- C:\WINDOWS\addins
2008-11-28 12:49:51 ----A---- C:\WINDOWS\WININIT.INI
2008-11-24 15:48:33 ----D---- C:\WINDOWS\system32\dllcache
2008-11-24 15:48:27 ----D---- C:\Program Files\Internet Explorer
2008-11-17 23:33:56 ----HD---- C:\WINDOWS\inf
2008-11-17 23:33:56 ----D---- C:\WINDOWS\Help
2008-11-12 15:39:43 ----A---- C:\WINDOWS\imsins.BAK
2008-11-12 15:39:33 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-03 97928]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-15 17801]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-03 76040]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-08 1235968]
R3 BCM43XX;Dynex Wireless G Enhanced Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 923863]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-03 26824]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-08 376832]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service; C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 49152]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2008-07-07 71168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-04-15 491520]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-04 1251720]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.04 2008-12-04 13:31:22

======Uninstall list======

-->"C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AOL Deskbar-->"C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DeadAIM-->MsiExec.exe /I{0F8F3415-CB0A-49A6-A23A-D8390444B127}
Dynex Wireless G Enhanced Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC18EE61-1445-473C-87EA-C9BD124793EF}\Setup.exe" -l0x9
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO-->MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JD Secure 3.1-->C:\WINDOWS\System32\JDSecure31.exe /u
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0007_7025ee3f\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark 2300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x9
My Wal-Mart Digital Photo Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAF8B012-D559-4B8D-95C0-D98E1172E5C3}\setup.exe" -l0x9 -removeonly
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Photohands 1.0E-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{544FB392-069D-4BA5-9DC7-FFD47230AEE5}\Setup.exe"
PictureProject In Touch Downloader 1.0-->C:\Program Files\PictureProject In Touch Downloader\uninst.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VCAMCEN-->MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: AVG Anti-Virus (disabled) (outdated)
FW: Sygate Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

thanks again
Striefsky2
Active Member
 
Posts: 11
Joined: December 3rd, 2008, 5:27 pm

Re: Help hijackthis report included

Post by davis » December 7th, 2008, 4:43 pm

Hi Striefsky2,


As I am still in training, all my proposed fixes should be checked by an expert. Sorry for the late response that this might cause. Thank you for your understanding.
The fixes are specific to your problem and should only be used for this issue on this machine.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic. Thanks


Step1

Please disable Spybot S&D's protection, or it will interfere.

You can enable it after you're clean.
Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.
If you find you're experiencing problems disabling Spybot's Tea-Timer, follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm


Step2

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if every product has its automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as every product fights for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
I also notice AVG is an outdated version or disabled in your system. You are well advised to remove AVG and follow the instructions as follows:

1. Click on Start > All Programs > AVG 8.0 > Uninstall AVG

2. If you experience any problems with the uninstallation procedure, please follow these steps:
  • Download the latest installation file of AVG from the Download section of AVG website.
  • After downloading, run this file and choose the Uninstall Product option in the dialogue Select Setup Type
  • Finish the uninstallation process and restart your computer

Step3


  1. Please download Flash_Disinfector and save it to your desktop.
  2. Double click to run it.
  3. You will be prompted to plug in your flash drive. Remember to plug in the flash drive to disinfect as well.
  4. Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  5. When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  6. Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.


Step4

Back up the whole registry with ERUNT
  1. Please download ERUNT zip version from Here.
  2. For the zipped version:
  3. Unzip all the files into a folder of your choice.
  4. Click Erunt.exe to backup your registry to the folder of your choice.
Note: to restore your registry, go to the folder and start ERDNT.exe


Step5

Download OTMoveIt3.exe by OldTimer and save it to your desktop.
  • Double click on OTMoveIt3.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
  • Note: Do not type it out to minimize the risk of typo error
    Code:
    :Processes 
    explorer.exe
    
    :Files
    C:\WINDOWS\system32\mlJCVnon.dll 
    C:\WINDOWS\system32\ssqPgecd.dll 
    C:\WINDOWS\system32\khfCtrRK.dll 
    C:\WINDOWS\system32\dcegPqss.ini2
    C:\WINDOWS\system32\73b7a070-.txt
    C:\WINDOWS\system32\clhskjbw.ini
    C:\WINDOWS\system32\wbjkshlc.dll
    C:\WINDOWS\system32\wkfiyh.dll
    C:\WINDOWS\system32\thsqjkwk.dll
    C:\WINDOWS\system32\iqffvbwm.ini
    C:\WINDOWS\system32\mwbvffqi.dll
    C:\WINDOWS\system32\jspmmt.dll
    C:\WINDOWS\system32\ndxselxv.dll
    C:\WINDOWS\system32\jobgdd.dll
    C:\WINDOWS\system32\nofqpmyf.dll
    C:\WINDOWS\system32\dtbqjauf.ini
    C:\WINDOWS\system32\fuajqbtd.dll
    C:\WINDOWS\system32\qljjyx.dll
    C:\WINDOWS\system32\cwjskjsg.dll
    C:\WINDOWS\system32\ntxveveu.ini
    C:\WINDOWS\system32\svybwklk.ini
    C:\WINDOWS\system32\klkwbyvs.dll
    C:\WINDOWS\system32\expqtm.dll
    C:\WINDOWS\system32\xphsltiq.dll
    C:\WINDOWS\system32\ibuvje.dll
    C:\WINDOWS\system32\qqmbkpif.dll
    C:\WINDOWS\system32\yxxwnxgi.ini
    C:\WINDOWS\system32\cmafue.dll
    C:\WINDOWS\system32\ghblqfhh.dll
    C:\WINDOWS\system32\lomswjca.ini
    C:\WINDOWS\system32\vebyayyy.ini
    C:\WINDOWS\system32\gqhwrw.dll
    C:\WINDOWS\system32\trkwulst.dll
    C:\WINDOWS\system32\ugdttc.dll
    C:\WINDOWS\system32\rwnnevvb.dll
    C:\WINDOWS\system32\jglwheiu.ini
    C:\WINDOWS\system32\gwqkys.dll
    C:\WINDOWS\system32\atumjbij.dll
    C:\WINDOWS\system32\wexlwsqx.ini
    C:\WINDOWS\system32\xqswlxew.dll
    C:\WINDOWS\system32\ccotkp.dll
    C:\WINDOWS\system32\mrmxegpj.dll
    C:\WINDOWS\system32\pdpmpudh.ini
    C:\WINDOWS\system32\duthiu.dll
    C:\WINDOWS\system32\qppfyqox.dll
    C:\WINDOWS\system32\fmptyvlc.ini
    C:\WINDOWS\system32\sninfjxh.dll
    C:\WINDOWS\system32\hjavge.dll
    C:\WINDOWS\system32\zjnfcz.dll
    C:\WINDOWS\system32\ahypwrcx.dll
    C:\WINDOWS\system32\idhqpjqu.ini
    C:\WINDOWS\system32\peocke.dll
    C:\WINDOWS\system32\fbkwfkdf.dll
    C:\WINDOWS\system32\etnekqjn.ini
    C:\WINDOWS\system32\dcegPqss.ini
    C:\WINDOWS\system32\ssqPgecd.dll
    C:\WINDOWS\system32\geBtUlLD.dll
    C:\WINDOWS\system32\ddcBSKBU.dll
    C:\WINDOWS\system32\nmuaqvlx.ini
    C:\WINDOWS\system32\xlvqaumn.dll
    C:\WINDOWS\system32\ucwjcy.dll
    C:\WINDOWS\system32\yjcftfgn.dll
    C:\WINDOWS\system32\eflsmf.dll
    C:\WINDOWS\system32\xqbgxvnl.dll
    C:\WINDOWS\system32\mgbelslw.ini
    C:\WINDOWS\system32\yayaBQhF.dll
    C:\WINDOWS\system32\khfCtrRK.dll
    C:\WINDOWS\system32\msansspc.dll
    C:\Program Files\LimeWire
    
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1987E48B-B54B-4F20-8149-432F4154FBF3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21DE86F0-758C-4C9D-81B6-6B76FF59B3DF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AE90E7D-E6BB-4246-81CA-A9727A5897AF}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f69dcfd0-4505-43a5-af35-06afb19a851f}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfCtrRK]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{A63E645F-13BD-45ED-B15F-6E8C1BD57279}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network\nm]
    @="Service"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network\nm.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\LimeWire\2\LimeWire.exe"=-
    "C:\Program Files\LimeWire\2\LimeWire.exe"=-
    
    :Commands
    [EmptyTemp]
    [start explorer]
    [Reboot]
  • Click on MoveIt!
  • When done, click on Exit
  • Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
  • A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.


In your next reply, please post back:

1. OTMoveIT log
2. RIST log (Before running RIST, go to C:\rist and delete that folder)

Tell me how things are going now.
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Help hijackthis report included

Post by Striefsky2 » December 9th, 2008, 5:46 pm

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-12-09 16:44:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 154 GB (84%) free of 183 GB
Total RAM: 958 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:39 PM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sm56hlpr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {C3F50901-871A-4650-85D8-9D53E2534A3B} - C:\Program Files\Pink Ribbon Toolbar\SearchHook.dll (file missing)
O2 - BHO: {34ce93d8-fcef-175b-01d4-bea6251fa172} - {271af152-6aeb-4d10-b571-fecf8d39ec43} - C:\WINDOWS\system32\kzzooy.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {86880D60-1886-4AE1-B95F-438A36C50663} - C:\WINDOWS\system32\hgGXqnNf.dll
O2 - BHO: (no name) - {9EB5163E-1E90-42B8-84DE-9C53EF7ED67C} - C:\WINDOWS\system32\ssqPgecd.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: (no name) - {A63E645F-13BD-45ED-B15F-6E8C1BD57279} - C:\WINDOWS\system32\khfCtrRK.dll
O3 - Toolbar: Pink Ribbon Toolbar - {68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1132930441\ee\SSCRun.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ ... brkpie.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter hijack: text/html - {97b297d0-252c-45c2-84ac-ae96c0663115} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: kzzooy.dll
O20 - Winlogon Notify: khfCtrRK - C:\WINDOWS\SYSTEM32\khfCtrRK.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12497 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - karen.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{271af152-6aeb-4d10-b571-fecf8d39ec43}]
C:\WINDOWS\system32\kzzooy.dll [2008-12-09 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86880D60-1886-4AE1-B95F-438A36C50663}]
C:\WINDOWS\system32\hgGXqnNf.dll [2008-12-09 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EB5163E-1E90-42B8-84DE-9C53EF7ED67C}]
C:\WINDOWS\system32\ssqPgecd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A63E645F-13BD-45ED-B15F-6E8C1BD57279}]
C:\WINDOWS\system32\khfCtrRK.dll [2008-11-19 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - Pink Ribbon Toolbar - C:\Program Files\Pink Ribbon Toolbar\Toolbar.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [2007-03-14 83608]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-09-19 180269]
"sscRun"=C:\Program Files\Common Files\AOL\1132930441\ee\SSCRun.exe []
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-01-24 544768]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"PCDrProfiler"=C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r []
"OASClnt"=C:\Program Files\mcafee.com\antivirus\oasclnt.exe []
"MPFExe"=C:\Program Files\mcafee.com\personal firewall\MPfTray.exe []
"lxcgmon.exe"=C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-05-04 200704]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-10 253952]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-05-03 299008]
"EzPrint"=C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-06-08 94208]
"EmailScan"=C:\Program Files\mcafee.com\antivirus\mcvsescn.exe []
"DeadAIM"=C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-02-23 144896]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe [2007-04-12 42032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\America Online 9.0\AOL.EXE [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
C:\Program Files\Common Files\AOL\1132930441\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FilmLoop]
C:\Program Files\FilmLoop Player\FilmLoopService.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1132930441\ee\AOLSoftware.exe [2007-04-12 42032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MEMonitor.lnk]
C:\PROGRA~1\SPRINT~1\MEMONI~1.EXE -m []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="kzzooy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-08 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfCtrRK]
C:\WINDOWS\system32\khfCtrRK.dll [2008-11-19 25600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A63E645F-13BD-45ED-B15F-6E8C1BD57279}"=C:\WINDOWS\system32\khfCtrRK.dll [2008-11-19 25600]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\hgGXqnNf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BackupNoCDBurning"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\WINDOWS\system32\lxcgcoms.exe"="C:\WINDOWS\system32\lxcgcoms.exe:*:Enabled:2300 Series"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d1-5dc1-11da-a79d-0013d4d1db9e}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d2-5dc1-11da-a79d-0013d4d1db9e}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2379a92-6bdc-11da-a7a6-00038a000015}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe


======List of files/folders created in the last 1 months======

2008-12-09 16:23:40 ----SH---- C:\WINDOWS\system32\yxqkwkkn.ini
2008-12-09 16:23:28 ----A---- C:\WINDOWS\system32\nkkwkqxy.dll
2008-12-09 16:19:19 ----A---- C:\WINDOWS\system32\kzzooy.dll
2008-12-09 16:19:17 ----A---- C:\WINDOWS\system32\fttwluda.dll
2008-12-09 16:18:24 ----ASH---- C:\WINDOWS\system32\fNnqXGgh.ini2
2008-12-09 16:18:22 ----ASH---- C:\WINDOWS\system32\fNnqXGgh.ini
2008-12-09 16:18:12 ----A---- C:\WINDOWS\system32\hgGXqnNf.dll
2008-12-09 15:58:10 ----ASH---- C:\WINDOWS\system32\rvuxdgjx.ini
2008-12-09 15:58:02 ----A---- C:\WINDOWS\system32\xjgdxuvr.dll
2008-12-09 15:57:33 ----RASHD---- C:\autorun.inf
2008-12-09 15:56:47 ----A---- C:\WINDOWS\system32\kxmewb.dll
2008-12-09 15:56:45 ----A---- C:\WINDOWS\system32\uqjlxagj.dll
2008-12-04 13:29:45 ----D---- C:\rsit
2008-12-03 16:23:38 ----D---- C:\Program Files\Trend Micro
2008-12-03 12:18:42 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AVGTOOLBAR
2008-12-03 12:16:06 ----D---- C:\Program Files\AVG
2008-12-03 12:16:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-03 12:05:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-02 15:13:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 15:13:32 ----D---- C:\Program Files\Spyware Doctor
2008-12-02 15:13:32 ----D---- C:\Documents and Settings\HP_Owner\Application Data\PC Tools
2008-12-01 15:53:40 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-12-01 15:01:12 ----D---- C:\WINDOWS\Minidump
2008-11-26 10:59:36 ----ASH---- C:\WINDOWS\system32\flkloqoy.ini
2008-11-24 14:41:29 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-19 22:09:58 ----A---- C:\WINDOWS\system32\khfCtrRK.dll
2008-11-12 15:39:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 15:39:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 15:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-10 20:41:57 ----D---- C:\Program Files\Common

======List of files/folders modified in the last 1 months======

2008-12-09 16:42:34 ----D---- C:\Program Files\Mozilla Firefox
2008-12-09 16:40:38 ----D---- C:\WINDOWS\Prefetch
2008-12-09 16:29:05 ----D---- C:\WINDOWS\system32\drivers
2008-12-09 16:28:40 ----D---- C:\WINDOWS\Temp
2008-12-09 16:26:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-09 16:23:40 ----D---- C:\WINDOWS\system32
2008-12-09 16:17:57 ----ASH---- C:\boot.ini
2008-12-09 16:17:57 ----A---- C:\WINDOWS\win.ini
2008-12-09 16:17:57 ----A---- C:\WINDOWS\system.ini
2008-12-09 16:17:10 ----D---- C:\WINDOWS\pss
2008-12-09 16:04:36 ----D---- C:\Program Files
2008-12-09 15:38:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 15:35:00 ----D---- C:\WINDOWS
2008-12-09 15:33:15 ----SHD---- C:\WINDOWS\Installer
2008-12-09 15:23:27 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2008-12-03 20:04:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 16:36:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-03 15:41:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 15:20:51 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-03 12:11:06 ----D---- C:\WINDOWS\WinSxS
2008-12-03 12:05:51 ----D---- C:\Program Files\Common Files
2008-12-02 22:30:56 ----A---- C:\VETlog.txt
2008-12-02 21:27:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-02 19:28:20 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-02 19:28:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AOL
2008-12-02 19:15:47 ----D---- C:\Program Files\Common Files\AOL
2008-12-02 19:09:45 ----D---- C:\Program Files\AOL
2008-12-02 15:12:15 ----A---- C:\WINDOWS\imsins.BAK
2008-12-02 15:09:54 ----D---- C:\WINDOWS\Cursors
2008-12-02 15:09:31 ----D---- C:\WINDOWS\addins
2008-11-28 12:49:51 ----A---- C:\WINDOWS\WININIT.INI
2008-11-24 15:48:33 ----D---- C:\WINDOWS\system32\dllcache
2008-11-24 15:48:27 ----D---- C:\Program Files\Internet Explorer
2008-11-17 23:33:56 ----HD---- C:\WINDOWS\inf
2008-11-17 23:33:56 ----D---- C:\WINDOWS\Help
2008-11-12 15:39:33 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-03 97928]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-15 17801]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-03 76040]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-08 1235968]
R3 BCM43XX;Dynex Wireless G Enhanced Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 923863]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-03 26824]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-08 376832]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service; C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 49152]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2008-07-07 71168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-04-15 491520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-04 1251720]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

I ran into a couple of different problems during the process.
1. AVG won't completely install onto my computer, and it won't let me delete it, and I can't get into it to uninstall it.
2. OTMoveIt, when trying to move those files, would always stop responding.
Below is the only file from OTMoveIt on my computer, b/c I restarted my computer and the program was gone.

¾  õ£  {¾  gF + ¥ J‹ ¥  ÿ¤  ÂF ‘Á¤  ä  G9 % >  >    Ý  î+  [µ  Yµ  ;µ  @µ wúAµ  <µ !G=µ  *  My V  i  4 2=
ì> Ü? P@ X@ \@  \ D E V I C E \ H A R D D I S K V O L U M E 2 \ / \ D E V I C E \ H A R D D I S K V O L U M E 2 \ D O C U M E N T S A N D S E T T I N G S \ 8 \ D E V I C E \ H A R D D I S K V O L U M E 2 \ D O C U M E N T S A N D S E T T I N G S \ H P _ O W N E R \ @ \ D E V I C E \ H A R D D I S K V O L U M E 2 \ D O C U M E N T S A N D S E T T I N G S \ H P _ O W N E R \ C O O K I E S \ @ \ D E V I C E \ H A R D D I S K V O L U M E 2 \ D O C U M E N T S A N D S E T T I N G S \ H P _ O W N E R \ D E S K T O P \ G \ D E V I C E \ H A R D D I S K V O L U M E 2 \ D O C U M E N T S A N D S E T T I N G S \ H P _ O W N E R \ L O C A L S E T T I N G S \ O \ D E V I C E \ H A R D D I S K V O L U M E 2 \ D O C U M E N T S A N D S E T T I N G S \ H P _ O W N E R \ L O C A L S E T T I N G S \ H I S T O R Y \ [ \ D E V I C E \ H A R D D I S K V O L U M E 2 \ D O C U M E N T S A N D S E T T I N G S \ H P _ O W N E R \ L O C A L S E T T I N G S \ H I S T O R Y \ H I S T O R Y . I E 5 \ ` \ D E V I C E \ H A R D D I S K V O L U M E 2 \ D O C U M E N T S A N D S E T T I N G S \ H P _ O W N E R \ L O C A L S E T T I N G S \ T E M P O R A R Y I N T E R N E T F I L E S \ l \ D E V I C E \ H A R D D I S K V O L U M E 2 \ D O C U M E N T S A N D S E T T I N G S \ H P _ O W N E R \ L O C A L S E T T I N G S \ T E M P O R A R Y I N T E R N E T F I L E S \ C O N T E N T . I E 5 \ & \ D E V I C E \ H A R D D I S K V O L U M E 2 \ P R O G R A M F I L E S \ 5 \ D E V I C E \ H A R D D I S K V O L U M E 2 \ P R O G R A M F I L E S \ S P Y W A R E D O C T O R \ \ D E V I C E \ H A R D D I S K V O L U M E 2 \ W I N D O W S \ ) \ D E V I C E \ H A R D D I S K V O L U M E 2 \ W I N D O W S \ S Y S T E M 3 2 \ ' \ D E V I C E \ H A R D D I S K V O L U M E 2 \ W I N D O W S \ W I N S X S \ z \ D E V I C E \ H A R D D I S K V O L U M E 2 \ W I N D O W S \ W I N S X S \ X 8 6 _ M I C R O S O F T . W I N D O W S . C O M M O N - C O N T R O L S _ 6 5 9 5 B 6 4 1 4 4 C C F 1 D F _ 6 . 0 . 2 6 0 0 . 
5 5 1 2 _ X - W W _ 3 5 D 4 C E 8 3 \ 4 C C F 1 D F _ 1

I'll be waiting for further instructions, and I thank you again.
Striefsky2
Active Member
 
Posts: 11
Joined: December 3rd, 2008, 5:27 pm

Re: Help hijackthis report included

Unread postby davis » December 9th, 2008, 10:13 pm

Hi Striefsky2,

AVG won't completely install onto my computer, and it won't let me delete it, and I can't get into it to uninstall it.

That's ok. We will deal with that later.

OTmoveit when trying to move those files, it would always stop responding.

That's ok. We will try a different way. Your system is severely infected by Vundo. Please be patient and follow the instructions as follows.

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofi ... e-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:


Image


The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once Recovery Console is installed, you should see a blue screen prompt like the one below:


Image

1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow ComboFix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:

1. ComboFix log
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Help hijackthis report included

Unread postby Striefsky2 » December 9th, 2008, 11:50 pm

ComboFix 08-12-07.04 - HP_Owner 2008-12-09 22:27:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.586 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common\helper.dll
c:\program files\Common\helper.sig
c:\windows\IE4 Error Log.txt
c:\windows\system32\flkloqoy.ini
c:\windows\system32\fNnqXGgh.ini
c:\windows\system32\fNnqXGgh.ini2
c:\windows\system32\fttwluda.dll
c:\windows\system32\hgGXqnNf.dll
c:\windows\system32\khfCtrRK.dll
c:\windows\system32\kxmewb.dll
c:\windows\system32\kzzooy.dll
c:\windows\system32\mst120.dll
c:\windows\system32\nkkwkqxy.dll
c:\windows\system32\rvuxdgjx.ini
c:\windows\system32\uqjlxagj.dll
c:\windows\system32\xjgdxuvr.dll
c:\windows\system32\yxqkwkkn.ini
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-04 13:29 . 2008-12-09 16:44 <DIR> d-------- C:\rsit
2008-12-03 16:23 . 2008-12-03 16:23 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 12:19 . 2008-12-03 12:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-03 12:18 . 2008-12-03 12:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-03 12:18 . 2008-12-03 12:18 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\AVGTOOLBAR
2008-12-03 12:16 . 2008-12-03 12:16 <DIR> d-------- c:\program files\AVG
2008-12-03 12:16 . 2008-12-09 15:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-03 12:16 . 2008-12-03 12:16 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-03 12:05 . 2008-12-03 12:05 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-02 22:02 . 2008-12-02 22:04 20 --a------ c:\windows\ÿÿ
2008-12-02 15:13 . 2008-12-09 06:09 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-02 15:13 . 2008-12-02 15:13 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\PC Tools
2008-12-02 15:13 . 2008-12-09 22:12 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-02 15:13 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-02 15:13 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-02 15:13 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-02 15:13 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-24 14:41 . 2008-11-24 14:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-19 22:09 . 2008-11-19 22:09 26,624 --a------ c:\documents and settings\HP_Owner\~.exe
2008-11-12 05:04 . 2008-10-24 06:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 05:03 . 2008-09-04 12:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll
2008-11-10 20:41 . 2008-12-09 22:28 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 01:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 21:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 02:27 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-12-03 00:28 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AOL
2008-12-03 00:28 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-03 00:15 --------- d-----w c:\program files\Common Files\AOL
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:10 --------- d-----w c:\program files\HP
2008-10-24 00:09 --------- d-----w c:\program files\Hewlett-Packard
2008-10-15 20:09 3,640 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2007-01-08 19:03 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-19 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-04 200704]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 299008]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 94208]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-23 144896]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 c:\windows\sm56hlpr.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kzzooy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MEMonitor.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\MEMonitor.lnk
backup=c:\windows\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-12 16:23 42032 c:\program files\Common Files\AOL\Launch\aollaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 00:17 50776 c:\program files\America Online 9.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 07:50 71216 c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-04-12 16:23 42032 c:\program files\Common Files\AOL\1132930441\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-03 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-03 76040]
R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service;c:\program files\Dynex Wireless G Enhanced Adapter\WLService.exe [2006-09-15 49152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-02 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d1-5dc1-11da-a79d-0013d4d1db9e}]
\Shell\AutoRun\command - j:\jdsecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d2-5dc1-11da-a79d-0013d4d1db9e}]
\Shell\AutoRun\command - j:\jdsecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2379a92-6bdc-11da-a7a6-00038a000015}]
\Shell\AutoRun\command - j:\jdsecure\Windows\JDSecure31.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-09 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - karen.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{271af152-6aeb-4d10-b571-fecf8d39ec43} - c:\windows\system32\kzzooy.dll
BHO-{9EB5163E-1E90-42B8-84DE-9C53EF7ED67C} - c:\windows\system32\ssqPgecd.dll
BHO-{F09F2FB5-F3EE-4D7D-A176-D17372AAE8FE} - c:\windows\system32\hgGXqnNf.dll
Toolbar-{68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - c:\program files\Pink Ribbon Toolbar\Toolbar.dll
WebBrowser-{68C70CAA-478A-4E77-ADF7-A4566A68B4AE} - c:\program files\Pink Ribbon Toolbar\Toolbar.dll
HKLM-Run-sscRun - c:\program files\Common Files\AOL\1132930441\ee\SSCRun.exe
HKLM-Run-PCDrProfiler - c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
HKLM-Run-OASClnt - c:\program files\mcafee.com\antivirus\oasclnt.exe
HKLM-Run-MPFExe - c:\program files\mcafee.com\personal firewall\MPfTray.exe
HKLM-Run-EmailScan - c:\program files\mcafee.com\antivirus\mcvsescn.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-AOLSPScheduler - c:\program files\Common Files\AOL\1132930441\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
MSConfigStartUp-FilmLoop - c:\program files\FilmLoop Player\FilmLoopService.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\4v1j6wa5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.facebook.com
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 22:43:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\lxcgcoms.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-09 22:47:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-10 03:46:56

Pre-Run: 161,189,195,776 bytes free
Post-Run: 161,044,803,584 bytes free

234 --- E O F --- 2008-11-12 20:41:52
Striefsky2
Active Member
 
Posts: 11
Joined: December 3rd, 2008, 5:27 pm

Re: Help hijackthis report included

Unread postby davis » December 10th, 2008, 7:37 am

Hi Striefsky2,



Step 1

Go to Start > Run and copy and paste the command below into the field:

"C:\Program Files\AVG\AVG8\setup.exe" /UNINSTALL

Hit Enter.


Step 2


  1. Close any open browsers
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step 3

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 4

Please do an online scan with Kaspersky Online Scanner.


  1. Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  2. Click Accept button on the "Requirements and limitations".
  3. When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  4. It will be downloading and installing the program and updating the database.
  5. When updating the database has finished, click on Settings.
  6. Make sure all boxes are checked, then click on the Save button.
  7. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  8. Once the scan is completed, Click on View Scan Report.
  9. You may see a list of infected items over there. Click on Save Report As.
  10. Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  11. Please post the contents in your next reply.

You can refer to this animation




Please post back the logs in your next reply.

1. KAS Scan Report
2. ComboFix log

Tell me how your pc is running now.
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am
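
Added example, not part of the original thread and not ComboFix's own logic: a Python triage of the first ComboFix log that shows why the CFScript above blanks AppInit_DLLs (the value still names a DLL that the same log lists under Other Deletions) and also reports the Security Center and firewall values in that log. The function names and finding labels are this example's own assumptions; the sample lines are excerpted from the log posted in this thread.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Excerpt of the ComboFix log posted in this thread (sections trimmed).
SAMPLE_LOG = r'''
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\hgGXqnNf.dll
c:\windows\system32\kzzooy.dll
c:\windows\system32\nkkwkqxy.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.
2008-12-03 16:23 . 2008-12-03 16:23 <DIR> d-------- c:\program files\Trend Micro

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kzzooy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
'''

SECTION_RE = re.compile(r'^\(+\s*(.*?)\s*\)+$')   # (((( Other Deletions ))))
KEY_RE = re.compile(r'^\[(.+)\]$')                # [HKEY_...\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name"=data


def as_int(data):
    """Decode the two integer notations seen in the log: dword:XXXXXXXX and N (0xN)."""
    m = re.match(r'dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)$', data)
    return int(m.group(1)) if m else None


def parse(log):
    """Return (basenames listed under 'Other Deletions', [(key, name, data), ...])."""
    deleted, values = set(), []
    section = key = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            key = None            # a blank line ends a registry key block
            continue
        if line == '.':
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            values.append((key, m.group(1), m.group(2).strip()))
        elif section == 'other deletions':
            deleted.add(basename(line).lower())
    return deleted, values


def triage(log):
    """Flag the settings discussed in this thread as (kind, subject, detail) tuples."""
    deleted, values = parse(log)
    findings = []
    for key, name, data in values:
        lname, number = name.lower(), as_int(data)
        if lname == 'appinit_dlls' and key.endswith(r'windows nt\currentversion\windows'):
            # The value is a space- or comma-separated list of DLL names.
            for dll in filter(None, re.split(r'[ ,]+', data.strip('"'))):
                gone = basename(dll).lower() in deleted
                findings.append(('appinit_dll', dll, 'deleted' if gone else 'not_deleted'))
        elif r'\security center' in key and number == 1 and lname in (
                'antivirusdisablenotify', 'disablemonitoring'):
            findings.append(('security_center_muted', key + '\\' + name, data))
        elif lname == 'enablefirewall' and number == 0 and key.endswith(
                r'firewallpolicy\standardprofile'):
            findings.append(('firewall_disabled', key, data))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=' | ')
```

The Security Center and firewall values are also changed by legitimate software and user choices, so those findings are items to review rather than verdicts.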

Re: Help hijackthis report included

Unread postby Striefsky2 » December 10th, 2008, 1:37 pm

ComboFix 08-12-09.03 - HP_Owner 2008-12-10 11:50:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.595 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-09 23:48 . 2008-12-09 23:48 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-09 23:16 . 2008-12-09 23:16 2 --a------ c:\windows\msoffice.ini
2008-12-04 13:29 . 2008-12-09 16:44 <DIR> d-------- C:\rsit
2008-12-03 16:23 . 2008-12-03 16:23 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 12:19 . 2008-12-03 12:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-03 12:18 . 2008-12-03 12:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-03 12:18 . 2008-12-03 12:18 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\AVGTOOLBAR
2008-12-03 12:16 . 2008-12-03 12:16 <DIR> d-------- c:\program files\AVG
2008-12-03 12:16 . 2008-12-09 23:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-03 12:16 . 2008-12-03 12:16 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-03 12:05 . 2008-12-03 12:05 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-02 22:02 . 2008-12-02 22:04 20 --a------ c:\windows\ÿÿ
2008-12-02 15:13 . 2008-12-09 06:09 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-02 15:13 . 2008-12-02 15:13 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\PC Tools
2008-12-02 15:13 . 2008-12-09 22:12 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-02 15:13 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-02 15:13 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-02 15:13 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-02 15:13 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-24 14:41 . 2008-11-24 14:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-11-19 22:09 . 2008-11-19 22:09 26,624 --a------ c:\documents and settings\HP_Owner\~.exe
2008-11-12 05:04 . 2008-10-24 06:21 455,296 --a------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 05:03 . 2008-09-04 12:15 1,106,944 --a------ c:\windows\system32\dllcache\msxml3.dll
2008-11-10 20:41 . 2008-12-09 22:28 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 04:48 --------- d-----w c:\program files\Java
2008-12-10 04:25 --------- d-----w c:\program files\Common Files\AOL
2008-12-10 04:19 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-10 04:17 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AOL
2008-12-10 04:14 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-12-10 04:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 04:11 --------- d-----w c:\program files\Quicken
2008-12-10 04:09 --------- d-----w c:\program files\Common Files\Apple
2008-12-10 04:08 --------- d-----w c:\program files\Viewpoint
2008-12-10 04:08 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-04 01:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 21:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 02:27 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:10 --------- d-----w c:\program files\HP
2008-10-24 00:09 --------- d-----w c:\program files\Hewlett-Packard
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 07:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 20:09 3,640 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2008-10-15 16:34 337,408 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 00:42 61,440 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2008-09-24 00:42 45,056 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2008-09-24 00:42 44,032 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2008-09-24 00:42 40,960 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2008-09-24 00:42 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2008-09-24 00:42 32,768 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2008-09-24 00:42 287,310 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2008-09-24 00:42 163,840 ----a-w c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2008-09-23 23:16 139,264 ----a-w c:\windows\system32\hpzjrd01.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\dllcache\msxml6.dll
2007-01-08 19:03 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-12-09_22.46.05.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\dllcache\icardie.dll
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-10 04:48:27 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-10 04:48:27 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-10 04:48:27 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 07:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-12-09 20:38:30 54,484 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-10 04:20:33 54,484 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-09 20:38:31 384,926 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-10 04:20:33 384,926 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-07-08 13:02:01 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:38 60,416 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-10 04:52:03 16,384 ----atw c:\windows\temp\Perflib_Perfdata_110.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-19 180269]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-23 144896]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 c:\windows\sm56hlpr.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MEMonitor.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\MEMonitor.lnk
backup=c:\windows\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2005-06-08 11:19 94208 c:\program files\Lexmark 2300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2005-05-03 13:20 299008 c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 01:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
--a------ 2005-05-04 18:24 200704 c:\program files\Lexmark 2300 Series\lxcgmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-03 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-03 76040]
R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service;c:\program files\Dynex Wireless G Enhanced Adapter\WLService.exe [2006-09-15 49152]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-02 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d1-5dc1-11da-a79d-0013d4d1db9e}]
\Shell\AutoRun\command - j:\jdsecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d2-5dc1-11da-a79d-0013d4d1db9e}]
\Shell\AutoRun\command - j:\jdsecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2379a92-6bdc-11da-a7a6-00038a000015}]
\Shell\AutoRun\command - j:\jdsecure\Windows\JDSecure31.exe

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-09 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - karen.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Aim6 - c:\program files\Common Files\AOL\Launch\AOLLaunch.exe
MSConfigStartUp-AOL Fast Start - c:\program files\America Online 9.0\AOL.EXE
MSConfigStartUp-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
MSConfigStartUp-HostManager - c:\program files\Common Files\AOL\1132930441\ee\AOLSoftware.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FireFox -: Profile - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\4v1j6wa5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.facebook.com
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 11:52:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2008-12-10 11:53:41
ComboFix-quarantined-files.txt 2008-12-10 16:52:56
ComboFix2.txt 2008-12-10 03:47:35

Pre-Run: 161,504,182,272 bytes free
Post-Run: 161,481,891,840 bytes free

391 --- E O F --- 2008-12-10 03:56:52


There's the ComboFix log.
The file AVG could not be found again, so I could not uninstall the program.
And the Kaspersky online scanner screen wouldn't let me hit the accept button. I tried letting it load 100 times.

My computer is running better than before; just let me know what I should do next.
Thank you,
Striefsky2

Re: Help hijackthis report included

Post by davis » December 11th, 2008, 7:20 am

Hi Striefsky2,


Step 1

Please go here to download the AVG Remover utility, which removes all parts of the AVG installation on your computer, including registry items, installation and user files on your disk, etc.

Step 2

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6-11 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.


Step 3

To optimize scan time and produce a sensible report for review with Kaspersky Online Scanner, please do the following:

1. Close any open programs
2. Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If still no joy whatsoever, please try the following instead:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and Scan unwanted applications are checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

In your next reply, please post back:

1. ESET Scanner log
2. RSIT log

Thanks
davis

Re: Help hijackthis report included

Post by Striefsky2 » December 12th, 2008, 12:22 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, December 11, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, December 11, 2008 17:33:43
Records in database: 1452742
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 85088
Threat name: 12
Infected objects: 18
Suspicious objects: 0
Duration of the scan: 01:33:23


File name / Threat name / Threats count
C:\Documents and Settings\HP_Owner\Incomplete\T-1668023-TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\HP_Owner\Incomplete\T-1932810-Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\HP_Owner\My Documents\LimeWire\Incomplete\T-3545425-4 am adam k soha remix kaskade.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\HP_Owner\My Documents\LimeWire\Saved\Blake Shelton - If This Is Austin.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\HP_Owner\My Documents\LimeWire\Saved\boys lady gaga.mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
C:\Documents and Settings\HP_Owner\My Documents\LimeWire\Saved\Lil Wayne - Tha Carter III - 01 - 3 Peat.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\HP_Owner\My Documents\LimeWire\Saved\sober pink.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\HP_Owner\~.exe Infected: Trojan.Win32.Inject.ktq 1
C:\Program Files\iTunes\BearShareV6.exe Infected: not-a-virus:AdWare.Win32.Mostofate.aa 1
C:\Program Files\Online Services\AOL\United States\AOL90\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fttwluda.dll.vir Infected: Trojan.Win32.Monder.abke 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfCtrRK.dll.vir Infected: Trojan.Win32.Monderb.xiv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kxmewb.dll.vir Infected: Trojan.Win32.Monder.abke 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kzzooy.dll.vir Infected: Trojan.Win32.Monder.abke 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\mst120.dll.vir Infected: Trojan-Downloader.Win32.DlKroha.n 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\uqjlxagj.dll.vir Infected: Trojan.Win32.Monder.abke 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ODIVK9MN\6002[1].exe Infected: Backdoor.Win32.Frauder.aac 1
D:\I386\Apps\APP21859\src\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1

The selected area was scanned.

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-12-11 23:19:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 154 GB (84%) free of 183 GB
Total RAM: 958 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:01 PM, on 12/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {C3F50901-871A-4650-85D8-9D53E2534A3B} - C:\Program Files\Pink Ribbon Toolbar\SearchHook.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9068 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - karen.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-09-19 180269]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-01-24 544768]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-10 253952]
"DeadAIM"=C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-02-23 144896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-11 136600]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-06-08 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-05-03 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-05-04 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MEMonitor.lnk]
C:\PROGRA~1\SPRINT~1\MEMONI~1.EXE -m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2
"avg8wd"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-08 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BackupNoCDBurning"=
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\WINDOWS\system32\lxcgcoms.exe"="C:\WINDOWS\system32\lxcgcoms.exe:*:Enabled:2300 Series"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d1-5dc1-11da-a79d-0013d4d1db9e}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d2-5dc1-11da-a79d-0013d4d1db9e}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2379a92-6bdc-11da-a7a6-00038a000015}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe


======List of files/folders created in the last 1 months======

2008-12-11 15:00:24 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-11 15:00:24 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-11 15:00:24 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 11:55:28 ----SHD---- C:\RECYCLER
2008-12-10 11:53:42 ----A---- C:\ComboFix.txt
2008-12-09 23:48:39 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-09 23:16:36 ----A---- C:\WINDOWS\msoffice.ini
2008-12-09 22:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 22:56:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 22:56:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 22:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 22:47:38 ----D---- C:\WINDOWS\temp
2008-12-09 22:24:02 ----A---- C:\WINDOWS\zip.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\VFIND.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\SWSC.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\SWREG.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\sed.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\grep.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\fdsv.exe
2008-12-09 22:23:47 ----D---- C:\WINDOWS\ERDNT
2008-12-09 22:23:47 ----D---- C:\Qoobox
2008-12-09 15:57:33 ----RASHD---- C:\autorun.inf
2008-12-04 13:29:45 ----D---- C:\rsit
2008-12-03 16:23:38 ----D---- C:\Program Files\Trend Micro
2008-12-03 12:18:42 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AVGTOOLBAR
2008-12-03 12:16:06 ----D---- C:\Program Files\AVG
2008-12-03 12:16:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-03 12:05:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-02 15:13:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 15:13:32 ----D---- C:\Program Files\Spyware Doctor
2008-12-02 15:13:32 ----D---- C:\Documents and Settings\HP_Owner\Application Data\PC Tools
2008-12-01 15:53:40 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-12-01 15:01:12 ----D---- C:\WINDOWS\Minidump
2008-11-24 14:41:29 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-11-12 15:39:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 15:39:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 15:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-11 23:19:54 ----D---- C:\WINDOWS\Prefetch
2008-12-11 23:15:41 ----D---- C:\Program Files\Mozilla Firefox
2008-12-11 16:54:59 ----ASH---- C:\boot.ini
2008-12-11 16:54:59 ----A---- C:\WINDOWS\win.ini
2008-12-11 16:54:59 ----A---- C:\WINDOWS\system.ini
2008-12-11 15:11:19 ----D---- C:\WINDOWS\system32
2008-12-11 15:11:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 15:10:54 ----D---- C:\WINDOWS
2008-12-11 15:06:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-11 15:00:32 ----SHD---- C:\WINDOWS\Installer
2008-12-11 15:00:10 ----D---- C:\Program Files\Java
2008-12-11 13:40:35 ----D---- C:\Program Files\Common Files
2008-12-10 11:51:36 ----D---- C:\WINDOWS\system32\drivers
2008-12-10 11:51:35 ----D---- C:\WINDOWS\AppPatch
2008-12-09 23:25:52 ----D---- C:\Program Files\Common Files\AOL
2008-12-09 23:20:37 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 23:19:28 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-09 23:18:52 ----D---- C:\Program Files\AOL
2008-12-09 23:17:01 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AOL
2008-12-09 23:16:53 ----D---- C:\Program Files
2008-12-09 23:14:24 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2008-12-09 23:11:23 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 23:11:08 ----D---- C:\Program Files\Quicken
2008-12-09 23:09:39 ----D---- C:\Program Files\Common Files\Apple
2008-12-09 23:08:30 ----D---- C:\Program Files\Viewpoint
2008-12-09 23:08:30 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-09 23:08:24 ----D---- C:\WINDOWS\HPCPCUninstall-9972322
2008-12-09 23:07:44 ----D---- C:\Program Files\Online Services
2008-12-09 23:07:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 23:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-09 23:00:22 ----D---- C:\WINDOWS\pss
2008-12-09 22:56:52 ----HD---- C:\WINDOWS\inf
2008-12-09 22:56:41 ----D---- C:\WINDOWS\system32\dllcache
2008-12-09 22:56:39 ----D---- C:\Program Files\Internet Explorer
2008-12-09 22:56:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 22:40:47 ----D---- C:\WINDOWS\system32\config
2008-12-09 22:28:08 ----D---- C:\Program Files\Common
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 15:23:27 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2008-12-03 20:04:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 16:36:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-03 15:41:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 12:11:06 ----D---- C:\WINDOWS\WinSxS
2008-12-02 22:30:56 ----A---- C:\VETlog.txt
2008-12-02 21:27:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-02 15:09:54 ----D---- C:\WINDOWS\Cursors
2008-12-02 15:09:31 ----D---- C:\WINDOWS\addins
2008-11-28 12:49:51 ----A---- C:\WINDOWS\WININIT.INI
2008-11-17 23:33:56 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-03 97928]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-15 17801]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-03 76040]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-08 1235968]
R3 BCM43XX;Dynex Wireless G Enhanced Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 923863]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-03 26824]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-08 376832]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service; C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 49152]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-11 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2008-07-07 71168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R4 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-03 231704]
R4 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-04-15 491520]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-04 1251720]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
Everything worked except for uninstalling AVG, so below I have the log from the AVG uninstall. It kept not responding.

2008-12-11 18:33:42,984 A1206N Avg8Uninstall\Directories key failed to open (error: e0010013)
2008-12-11 18:33:43,015 A1206N AvgDir param empty.
2008-12-11 18:33:43,015 A1206N AvgDataDir param empty.
2008-12-11 18:33:45,281 A1206N AvgRemover runs in attempt number 1
2008-12-11 18:33:45,281 A1206N ***** Services *****
2008-12-11 18:33:45,281 A1206N Processing service avg8emc
2008-12-11 18:33:45,281 A1206N Service avg8emc is not installed
2008-12-11 18:33:45,281 A1206N Service avg8emc RegCleanup
2008-12-11 18:33:45,312 A1206N Processing service avgfws8
2008-12-11 18:33:45,312 A1206N Service avgfws8 is not installed
2008-12-11 18:33:45,312 A1206N Service avgfws8 RegCleanup
2008-12-11 18:33:45,312 A1206N Registry keys for service avgfws8 are not present
2008-12-11 18:33:45,312 A1206N Processing service avg8wd
2008-12-11 18:33:45,312 A1206N Service avg8wd BeforeStop
2008-12-11 18:33:55,171 A1206N Avg8Uninstall\Directories key failed to open (error: e0010013)
2008-12-11 18:33:55,171 A1206N AvgDir param empty.
2008-12-11 18:33:55,171 A1206N AvgDataDir param empty.
2008-12-11 18:33:56,203 A1206N AvgRemover runs in attempt number 1
2008-12-11 18:33:56,203 A1206N ***** Services *****
2008-12-11 18:33:56,203 A1206N Processing service avg8emc
2008-12-11 18:33:56,203 A1206N Service avg8emc is not installed
2008-12-11 18:33:56,218 A1206N Service avg8emc RegCleanup
2008-12-11 18:33:56,218 A1206N Registry keys for service avg8emc are not present
2008-12-11 18:33:56,218 A1206N Processing service avgfws8
2008-12-11 18:33:56,218 A1206N Service avgfws8 is not installed
2008-12-11 18:33:56,218 A1206N Service avgfws8 RegCleanup
2008-12-11 18:33:56,218 A1206N Registry keys for service avgfws8 are not present
2008-12-11 18:33:56,218 A1206N Processing service avg8wd
2008-12-11 18:33:56,218 A1206N Service avg8wd BeforeStop
2008-12-11 18:34:14,093 A1206N Avg8Uninstall\Directories key failed to open (error: e0010013)
2008-12-11 18:34:14,093 A1206N AvgDir param empty.
2008-12-11 18:34:14,093 A1206N AvgDataDir param empty.
2008-12-11 18:34:14,890 A1206N AvgRemover runs in attempt number 1
2008-12-11 18:34:14,890 A1206N ***** Services *****
2008-12-11 18:34:14,890 A1206N Processing service avg8emc
2008-12-11 18:34:14,906 A1206N Service avg8emc is not installed
2008-12-11 18:34:14,906 A1206N Service avg8emc RegCleanup
2008-12-11 18:34:14,906 A1206N Registry keys for service avg8emc are not present
2008-12-11 18:34:14,906 A1206N Processing service avgfws8
2008-12-11 18:34:14,906 A1206N Service avgfws8 is not installed
2008-12-11 18:34:14,906 A1206N Service avgfws8 RegCleanup
2008-12-11 18:34:14,906 A1206N Registry keys for service avgfws8 are not present
2008-12-11 18:34:14,906 A1206N Processing service avg8wd
2008-12-11 18:34:14,906 A1206N Service avg8wd BeforeStop
2008-12-11 18:35:02,671 A1206N Avg8Uninstall\Directories key failed to open (error: e0010013)
2008-12-11 18:35:02,671 A1206N AvgDir param empty.
2008-12-11 18:35:02,671 A1206N AvgDataDir param empty.
2008-12-11 18:35:04,375 A1206N AvgRemover runs in attempt number 1
2008-12-11 18:35:04,375 A1206N ***** Services *****
2008-12-11 18:35:04,375 A1206N Processing service avg8emc
2008-12-11 18:35:04,375 A1206N Service avg8emc is not installed
2008-12-11 18:35:04,375 A1206N Service avg8emc RegCleanup
2008-12-11 18:35:04,375 A1206N Registry keys for service avg8emc are not present
2008-12-11 18:35:04,375 A1206N Processing service avgfws8
2008-12-11 18:35:04,375 A1206N Service avgfws8 is not installed
2008-12-11 18:35:04,375 A1206N Service avgfws8 RegCleanup
2008-12-11 18:35:04,375 A1206N Registry keys for service avgfws8 are not present
2008-12-11 18:35:04,375 A1206N Processing service avg8wd
2008-12-11 18:35:04,375 A1206N Service avg8wd BeforeStop
2008-12-11 18:43:42,250 A1206N Avg8Uninstall\Directories key failed to open (error: e0010013)
2008-12-11 18:43:42,296 A1206N AvgDir param empty.
2008-12-11 18:43:42,296 A1206N AvgDataDir param empty.
2008-12-11 18:43:43,453 A1206N AvgRemover runs in attempt number 1
2008-12-11 18:43:43,453 A1206N ***** Services *****
2008-12-11 18:43:43,453 A1206N Processing service avg8emc
2008-12-11 18:43:43,453 A1206N Service avg8emc is not installed
2008-12-11 18:43:43,453 A1206N Service avg8emc RegCleanup
2008-12-11 18:43:43,453 A1206N Registry keys for service avg8emc are not present
2008-12-11 18:43:43,453 A1206N Processing service avgfws8
2008-12-11 18:43:43,468 A1206N Service avgfws8 is not installed
2008-12-11 18:43:43,468 A1206N Service avgfws8 RegCleanup
2008-12-11 18:43:43,468 A1206N Registry keys for service avgfws8 are not present
2008-12-11 18:43:43,468 A1206N Processing service avg8wd
2008-12-11 18:43:43,468 A1206N Service avg8wd BeforeStop

Thanks again for your help. Looking forward to hearing from you again.
Striefsky2
Active Member
 
Posts: 11
Joined: December 3rd, 2008, 5:27 pm

Re: Help hijackthis report included

Unread postby davis » December 13th, 2008, 11:39 pm

Hi Striefsky2,


Step 1


  1. Close any open browsers
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
C:\Documents and Settings\HP_Owner\Incomplete\T-1668023-TOTALLY HIP TRACK.wma 
C:\Documents and Settings\HP_Owner\Incomplete\T-1932810-Wicked Remix.wma 
C:\Program Files\iTunes\BearShareV6.exe
C:\Documents and Settings\HP_Owner\~.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ODIVK9MN\6002[1].exe
D:\I386\Apps\APP21859\src\HPSummer2005.exe 
Folder::
C:\Documents and Settings\HP_Owner\My Documents\LimeWire
C:\Program Files\AVG
Registry::
R3 - URLSearchHook: (no name) -- (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=-
Driver::
AvgLdx86
avg8wd

Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.

Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



In your next reply, please post back:

1. ComboFix log
2. RSIT log


Tell me how your PC is running now.
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am
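
Added example (not part of the original posts and not ComboFix's own code): a small Python check that reads the File:: and Folder:: targets from a CFScript.txt and reports which of them appear under "Other Deletions" in the resulting ComboFix.txt. The two embedded texts are shortened excerpts built from the script and log in this thread; the function names and the section-parsing rules are assumptions based only on the layout visible here.

```python
import re

# Shortened excerpt of the CFScript.txt posted above (constructed sample).
CFSCRIPT = r"""File::
C:\Documents and Settings\HP_Owner\Incomplete\T-1668023-TOTALLY HIP TRACK.wma
C:\Program Files\iTunes\BearShareV6.exe
C:\Documents and Settings\HP_Owner\~.exe
Folder::
C:\Documents and Settings\HP_Owner\My Documents\LimeWire
C:\Program Files\AVG
Driver::
AvgLdx86
"""

# Shortened excerpt of a ComboFix.txt log (constructed sample in the
# layout of the log posted in this thread).
COMBOFIX_LOG = r"""Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
.
((((((((((((((( Other Deletions )))))))))))))))
.
---- Previous Run -------
.
c:\documents and settings\HP_Owner\~.exe
c:\documents and settings\HP_Owner\Incomplete\T-1668023-TOTALLY HIP TRACK.wma
c:\documents and settings\HP_Owner\My Documents\LimeWire
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\desktop.ini
.
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::"
PATH_RE = re.compile(r"^[A-Za-z]:\\")            # e.g. "c:\..."


def norm(path):
    """Windows paths are case-insensitive; compare lower-cased, no trailing slash."""
    return path.strip().rstrip("\\").lower()


def parse_cfscript(text):
    """Split a CFScript into {section name: [entries]} (assumed layout)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def logged_deletions(log_text):
    """Collect the paths listed under the 'Other Deletions' banner only."""
    deleted, in_section = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("(((("):              # any banner starts or ends a section
            in_section = "Other Deletions" in line
        elif in_section and PATH_RE.match(line):
            deleted.add(norm(line))
    return deleted


def verify(script_text, log_text):
    """Map each File::/Folder:: target to 'deleted' or 'not in log'.

    'not in log' only means the log does not list it; the file may never
    have existed, so it still needs a manual look.
    """
    sections = parse_cfscript(script_text)
    deleted = logged_deletions(log_text)
    report = {}
    for target in sections.get("File", []):
        report[target] = "deleted" if norm(target) in deleted else "not in log"
    for target in sections.get("Folder", []):
        prefix = norm(target) + "\\"
        hit = norm(target) in deleted or any(p.startswith(prefix) for p in deleted)
        report[target] = "deleted" if hit else "not in log"
    return report


if __name__ == "__main__":
    for target, status in verify(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{status:11} {target}")
```
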

Re: Help hijackthis report included

Unread postby Striefsky2 » December 14th, 2008, 2:46 pm

ComboFix 08-12-14.01 - HP_Owner 2008-12-14 13:31:55.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.625 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\HP_Owner\~.exe
c:\documents and settings\HP_Owner\Incomplete\T-1668023-TOTALLY HIP TRACK.wma
c:\documents and settings\HP_Owner\Incomplete\T-1932810-Wicked Remix.wma
c:\documents and settings\HP_Owner\My Documents\LimeWire
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-3545425-4 am adam k soha remix kaskade.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-3545425-krazy remix pitbull.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-3622590-Brad Paisley - We Danced.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-3691144-Ray Price - For The Good Times.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-3740863-Keith Urban- Somebody Like You.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-4628353-The Pussycat Dolls - PCD - 08 - How Many Times How Many Lies.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-4847090-Chris Brown - Exclusive The Forever Edition - 17 - Forever.wma
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-4851046-_Sober.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-4967029-New Kids On The Block - Summertime (2008 CDQ)(4).MP3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-5081392-Pink Floyd - Wish You Were Here.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-5111727-2 Pistols ft. T-Pain - She Got It.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-5450544-Will Smith feat. Nicole of the Pussycat Dolls - If You Can't Dance (Slide).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-5481788-Young Divas - Turn Me Loose.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-5484294-Kelly Clarkson - Sober.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-5661422-Kelly Pickler - Things That Never Cross A Man's Mind.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-5734111-Kenny Chesney - Better as a Memory.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-5755299-dance Pussycat Dolls - Don t Cha UltiMix.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-7220090-M.I.A. - Paper Planes (Remix) (feat. Bun B & Rich Boy) (produced by Diplo).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Incomplete\T-8178723-lady gaga - boys boys boys.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\ Wasted.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\04 - Carrie Underwood - Just A Dream.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\05 All I Need to Know.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\05 You'll Always Be My Baby.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\07 - Carrie Underwood - Before He Cheats.Mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\10 Pink - It's All Your Fault.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\10 Years-Waking Up.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\10 Years - Actions & Motives.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\10 Years - Beautiful.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\10 Years - Drug Of Choice.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\10 Years - Dying Youth.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\10 years - focus.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\10 Years - Half Life.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\10 Years - Picture Perfect (In Your Eyes).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\10 Years After - I'd Love To Change the World.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\12-Juelz Santana Feat. Lil Wayne - Rewind.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\2 Pistols ft. T-Pain - She Got It.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\4 am adam k soha remix kaskade.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\50 Cent - Get Up.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\80s - Belinda Carlisle - Heaven Is A Place On Earth.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\AFI - Summer Shudder.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\AFI - The Last Kiss.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Akon - I'm So Paid (ft. Lil Wayne).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Akon - Right Now Na Na Na.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Akon ft. Kardinal Offishall - Dangerous (2008).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Alan Jackson - GoodTime.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Alan Jackson - Livin' On Love.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Alan Jackson - Remember When.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Alan Jackson - She's Gone Country.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Alan Jackson - When Daddy Let Me Drive.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Alan Jackson - Who's Cheatin' Who.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Alan Jackson & Jimmy Buffett - It's Five O'clock Somewhere(5).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\AlbumArt_{5C307EDE-8241-46AE-B994-DBC97C557051}_Large.jpg
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\AlbumArt_{5C307EDE-8241-46AE-B994-DBC97C557051}_Small.jpg
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\AlbumArtSmall.jpg
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Alicia Keys- No One.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Allan Jackson - Gone Country.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Allen jackson- its five o'clock somewhere------country.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Allison Krauss - When You Say Nothing At All.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Apocalyptica - I Don't Care.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Atlantic Starr - Always.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Avenged Sevenfold - Afterlife.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Avenged Sevenfold - Almost Easy.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Avenged Sevenfold - Seize The Day.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\B.G. feat. Mannie Fresh - Move Around.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Backstreet Boys - The Call.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Beyonce - Diva.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Billy Ray Cyrus ft. Miley Cyrus - Ready Set Don't Go.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Blake Shelton - Don't Make Me.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Blake Shelton - Every Time I Look At You.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Blake Shelton - If This Is Austin.wma
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Bow Wow and Soulja Boy - Marco Polo.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\boys lady gaga.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Boyz 2 Men - I can love you like that.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Brad Paisley-Ticks.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Brad Paisley - Half The Dad He Didn't Have To Be.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Brad Paisley - I'm Gonna Miss Her.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Brad Paisley - Shes Everything.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Brad Paisley - What If She's An Angel.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Brooks 'n Dunn- I'm In A Hurry And Don't Know Why.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Brooks & Dunn - She's Not the Cheatin' Kind.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Brooks and Dunn - Boot Scoot 'n Boogie.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Brooks and Dunn - She's Not the Cheating Kind.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Bryan Adams - Love Songs - When I see you smile.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\bun b ft sean kingston - thats gangsta.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Bun B FT. Sean Kingston & Lil Wayne & Brisco - That's Gangsta REMIX.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Carlos Santana and Rob Thomas - Smooth.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Carolina Liar- I'm Not Over.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Carolina Liar - I'm Not Over.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Carrie Underwood - Before He Cheats.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Carrie Underwood - Jesus Take The Wheel.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Casely-Emotional (Remix) (ft. Flo-Rida)-RGF.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Casely Ft. Pitbull - Emotional Remix.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Celine Dion - My Heart Will Go On (Titanic Theme Song).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Cher - It's In His Kiss (The Shoop Shoop Song).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Cherish - Unappreciated - 12 - Moment In Time.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Chris Brown - Forever.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Chris Brown - Say Good-Bye.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Chris Cagle - I Breathe In, I Breathe Out.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Chris Cagle - What Kinda Gone.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Chris Daughtry - Home.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Chris Daughtry - What About Now.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Chris Ledoux - Fathers And Sons.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Christina Aguilera - I Turn To You (Live Acapella).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Christmas Love Songs - Miss You Most ( At Christmas Time) - Mariah Carey.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\clint black - If Tommorow Never Comes.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Clint Black & Lisa Hartman Black - When I Said I Do.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Colbie Caillat - Realize.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Colby O Donis ft Akon - What You Got.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Colin Raye- Country Love Songs- One boy, one girl.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Colin Raye - If You Get There Before I Do1.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Colin Raye - That's My Story & I'm Stickin' To It.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Collin Raye - One Boy, One Girl .mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Conway Twitty - Tight fitting Jeans.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Country- Toby Keith- Who's Your Daddy.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Country-Toby Kieth - Should Of Been A Cowboy.MP3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Country - LeAnne Rhimes - Wedding Songs - Some Say Love.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Country - Rascal Flats and She Daisy - I Did It All For You.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Country Christmas - New Again - Brad Paisley & Sara Evans.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Country Dixie Chicks - We Danced Anyway.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\CRAIG DAVID - 7 DAYS.MP3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Craig David - Fill Me In.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Craig David - Rendezvous.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Craig David ft. Mos Def - 7 Days (Remix).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Craig Morgan - that's what I like about Sundays.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Craig Morgan - Tough.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Daryl Hall & John Oats - Everytime You Go Away.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\David Allen Coe- If That Ain't Country I'll Kiss Your Ass.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\David Archuleta - Crush.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\David Banner Ft Chris Brown, Yung Joc & Jim Jones - Get like Me(1).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\David Banner Ft Chris Brown, Yung Joc & Jim Jones - Get like Me.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\david banner ft lil wayne-shawty say.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\David Cook - Light On.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\desktop.ini
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Diamond Rio - Meet In The Middle.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Diamond Rio - One More Day With You.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Diamond rio - She Don't Know She's Beautiful.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Dierks Bently - What was I thinking.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\DJ Felli Fel Ft. Ne-Yo & Fabolous & Kanye West & Jermaine Dupri - The Finer Things.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\DJ Khaled - Out Here Grinding ft Rick Ross,Plies,Trick Daddy,Lil Wayne,Akon,Ace Hood,Lil Boosie (Dirty).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Elvis Presely -Suspicious Minds.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Elvis Presley - Can't Help Falling in Love with You.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Elvis Presley - You Were Always On My Mind.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Enur Feat Natasja - Calabria 2008.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Enur ft. Natasja & Mims - Calabria (Remix).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Estelle - American Boy ft Kanye West.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Evanescence - Call Me When You're Sober.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Evans Blue - Beg.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Evans Blue - Black Hole.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Evans Blue - Eclipsed.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Evans Blue - Quote.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Evans Blue - Stop And Say You Love Me.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Evans Blue - The Pursuit.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Faith Hill - This Kiss.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Faith Hill & Tim McGraw - Just To Hear You Say That You Love Me - Country - 90's.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Fat Joe feat J. Holiday - I Won't Tell.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Fergie - Big Girls Dont Cry.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Five Finger Death Punch - Never Enough.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Five Times August - Up To Me.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Flaw - My Letter.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Fleetwood Mac & Stevie Nicks - Tell Me Lies.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Flo Rida feat. Timbaland - Elevator.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Flobots - Handlebars.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Folder.jpg
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Garth Brooks - Aint Going Down Till the Sun Comes Up.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Garth Brooks - Butterfly Kisses.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Garth Brooks - If Tomorrow Never Comes.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Garth Brooks - That Summer.wma
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Garth Brooks - The Dance.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Garth Brooks - Two Of A Kind, Workin' On A Full House.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Garth Brooks - Two Pina Coladas.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Garth Brooks - Unanswered Prayers.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Garth Brooks & Huey Lewis - Workin' For A Livin'.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Gary Allen - Nothing On But The Radio.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Gary Allen - Until Your Sure That I'm The One .mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\George Michaels - One More Try.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\George Straight - A Fathers Love.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\George Straight - Carrying Your Love With Me.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\George Straight - Write this down.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\George Strait - I Hate Everything.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\George Strait - I Saw God Today.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\george strait - the best day of my life.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\gloria estefan - anything for you.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Grass Roots - Sooner Or Later (AM Gold The Early '70s).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Grass Roots - Two Divided By Love.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Gretchen Wilson - All Jacked Up.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Gretchen Wilson - I Don't Feel Like Loving You Today.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Gretchen Wilson - When I Think About Cheatin'.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Gretchin Wilson-Here for the Party.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Gretchin Wilson - When I Think About Cheating.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Grethen Wilson - Redneck Woman.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Heart - Alone.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Heartland - I Loved Her First (2006).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Heartland - I loved her first.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Heatwave - Always and Forever.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Hold Onto Nights Richard Marz.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Hot Styles - Looking Boy (ft Yung Joc).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jake Owen-Something About A Women.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jake Owen - A Long Night With You.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jake Owens - Somethin' About A Woman.wma
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jason Aldean - Relentless - 02 - Laughed until we cried.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jason Mraz - I'm Yours.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jesse McCartney - It's Over.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jesse McCartney - Leavin'.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jesus Take The Wheel.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jewel - kiss Me.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jewel - You Were Meant For Me.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jimmy Buffett -- Hey Good Lookin (Clint Black, Kenny_Chesney,_Toby_Keith,_Alan_Jackson_and_George_Strait)_-_Hey_Good_Lookin'.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jimmy Buffett - Cheeseburger In Paradise.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Jo Dee Messina - I Want A Man Who Stands Beside Me.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\JoDee Messina - Because you Love Me.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Joe Dee Messina - Bye, Bye.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Joe Diffie - It's Always Something.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Joe Nichols - I'll Wait For You.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Joe Nichols - Tequila Makes Her Clothes Fall (Clint Black, Kenny_Chesney,_Toby_Keith,_Alan_Jackson_and_George_Strait)_-_Hey_Good_Lookin'.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Johnny Hates Jazz - Shattered Dreams.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Josh Turner - Your Man.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Justin Timberlake - Losing My Way.m4a
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Justin Timberlake ft Timberland - What You Got (Oh No).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Justin Timberlake ft. Madona - 4 minutes to save the world.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kanye West - Bitter Sweet - ft John Mayer.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kanye West - Graduation - 09 - Flashing Lights (Ft. Dwele).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kanye West - Graduation - 12 - Homecoming (feat. Chris Martin).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kanye West - Hey Momma.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kanye West - Jesus Walks With Me (Jarhead Soundtrack).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kanye West - Love Lockdown.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kanye West ft John Mayer - Bitter Sweet(remix).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kanye West ft. T-Pain - Heartless.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Katy Perry - I Kissed A Girl.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kayne West - Love Lockdown.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Keith Urban - But For The Grace Of God.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Keith Urban - You'll Think Of Me.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kelly Pickler - Didn't Know How Much I Loved You.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kelly Pickler - I Wonder.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kelly Pickler - Small Town Girl.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenney Chesney - She Don't Know She's Beautiful.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenny chensey - No Shoes, No Shirt.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenny Chesney- When The Sun Goes Down (Uncle Kracker).mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenny Chesney - There Goes My Life.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenny Chesney - When I Think About Leaving.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenny G, Michael Bolton, Sade - Endless Love.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenny Rogers - Buy Me A Rose.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenny Rogers - Lady.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenny Rogers - Through The Years.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenny Rogers & Dolly Parton - Country Christmas songs - The Greatest Gift Of All.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kenny Rogers & Dolly Parton - I Will Always Love You.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Kevin Rudolf ft Lil Wayne - Let It Rock.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Lee Ann Womack -- He Oughta Know That By Now.mp3
c:\documents and settings\HP_Owner\My Documents\LimeWire\Saved\Lee Ann Womack - I May Hate Myself In The Morning.mp3
c:\program files\AVG
c:\program files\AVG\AVG8\avgcfgx.dll
c:\program files\AVG\AVG8\avgcorex.dll
c:\program files\AVG\AVG8\avglngx.dll
c:\program files\AVG\AVG8\avglogx.dll
c:\program files\AVG\AVG8\avgwd.dll
c:\program files\AVG\AVG8\avgwdsvc.exe
c:\program files\AVG\AVG8\avgwdwsc.dll
c:\program files\iTunes\BearShareV6.exe
c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ODIVK9MN\6002[1].exe
d:\i386\Apps\APP21859\src\HPSummer2005.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVG8WD
-------\Legacy_AVGLDX86
-------\Service_avg8wd
-------\Service_AvgLdx86
-------\Legacy_AVG8WD
-------\Legacy_AVGLDX86
-------\Service_avg8wd
-------\Service_AvgLdx86


((((((((((((((((((((((((( Files Created from 2008-11-14 to 2008-12-14 )))))))))))))))))))))))))))))))
.

2008-12-11 15:00 . 2008-12-11 15:00 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-11 13:43 . 2008-12-11 14:56 <DIR> d-------- c:\documents and settings\HP_Owner\.SunDownloadManager
2008-12-09 23:48 . 2008-12-11 15:00 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-09 23:16 . 2008-12-09 23:16 2 --a------ c:\windows\msoffice.ini
2008-12-04 13:29 . 2008-12-11 23:19 <DIR> d-------- C:\rsit
2008-12-03 16:23 . 2008-12-03 16:23 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 12:19 . 2008-12-03 12:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-03 12:18 . 2008-12-03 12:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-03 12:18 . 2008-12-03 12:18 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\AVGTOOLBAR
2008-12-03 12:16 . 2008-12-09 23:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-03 12:16 . 2008-12-03 12:16 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-03 12:05 . 2008-12-03 12:05 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-02 22:02 . 2008-12-02 22:04 20 --a------ c:\windows\ÿÿ
2008-12-02 15:13 . 2008-12-09 06:09 <DIR> d-------- c:\program files\Spyware Doctor
2008-12-02 15:13 . 2008-12-02 15:13 <DIR> d-------- c:\documents and settings\HP_Owner\Application Data\PC Tools
2008-12-02 15:13 . 2008-12-09 22:12 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-02 15:13 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-12-02 15:13 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-12-02 15:13 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-12-02 15:13 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-24 14:41 . 2008-11-24 14:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 18:23 --------- d-----w c:\program files\iTunes
2008-12-11 20:00 --------- d-----w c:\program files\Java
2008-12-10 04:25 --------- d-----w c:\program files\Common Files\AOL
2008-12-10 04:19 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-10 04:17 --------- d-----w c:\documents and settings\HP_Owner\Application Data\AOL
2008-12-10 04:14 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2008-12-10 04:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 04:11 --------- d-----w c:\program files\Quicken
2008-12-10 04:09 --------- d-----w c:\program files\Common Files\Apple
2008-12-10 04:08 --------- d-----w c:\program files\Viewpoint
2008-12-10 04:08 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-10 03:28 --------- d-----w c:\program files\Common
2008-12-04 01:04 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 21:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-03 02:27 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:10 --------- d-----w c:\program files\HP
2008-10-24 00:09 --------- d-----w c:\program files\Hewlett-Packard
2008-10-15 20:09 3,640 ----a-w c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
2007-01-08 19:03 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
.

((((((((((((((((((((((((((((( snapshot_2008-12-10_11.52.37.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 00:12:27 169,984 ----a-w c:\windows\system32\dllcache\msconfig.exe
- 2008-12-10 04:48:27 144,792 ----a-w c:\windows\system32\java.exe
+ 2008-12-11 20:00:12 144,792 ----a-w c:\windows\system32\java.exe
- 2008-12-10 04:48:27 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-11 20:00:12 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-12-10 04:48:27 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-11 20:00:12 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-12-10 04:20:33 54,484 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-11 20:11:19 54,484 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-10 04:20:33 384,926 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-11 20:11:19 384,926 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-14 18:35:38 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 69632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-19 180269]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 253952]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2004-02-23 144896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 c:\windows\sm56hlpr.exe]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MEMonitor.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\MEMonitor.lnk
backup=c:\windows\pss\MEMonitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
--a------ 2005-06-08 11:19 94208 c:\program files\Lexmark 2300 Series\ezprint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2005-05-03 13:20 299008 c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 01:35 49152 c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
--a------ 2005-05-04 18:24 200704 c:\program files\Lexmark 2300 Series\lxcgmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2 (0x2)
"avg8wd"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-03 76040]
R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service;c:\program files\Dynex Wireless G Enhanced Adapter\WLService.exe [2006-09-15 49152]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-12-02 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d1-5dc1-11da-a79d-0013d4d1db9e}]
\Shell\AutoRun\command - j:\jdsecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d2-5dc1-11da-a79d-0013d4d1db9e}]
\Shell\AutoRun\command - j:\jdsecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2379a92-6bdc-11da-a7a6-00038a000015}]
\Shell\AutoRun\command - j:\jdsecure\Windows\JDSecure31.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-09 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - karen.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\4v1j6wa5.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 13:35:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-12-14 13:38:26 - machine was rebooted [HP_Owner]
ComboFix-quarantined-files.txt 2008-12-14 18:37:52
ComboFix2.txt 2008-12-10 16:53:42
ComboFix3.txt 2008-12-10 03:47:35

Pre-Run: 161,348,284,416 bytes free
Post-Run: 161,325,215,744 bytes free

689 --- E O F --- 2008-12-11 21:48:43


Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-12-14 13:45:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 154 GB (84%) free of 183 GB
Total RAM: 958 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:34 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {C3F50901-871A-4650-85D8-9D53E2534A3B} - C:\Program Files\Pink Ribbon Toolbar\SearchHook.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8827 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - karen.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-09-19 180269]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-01-24 544768]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-10 253952]
"DeadAIM"=C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-02-23 144896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-11 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-06-08 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-05-03 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-05-04 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MEMonitor.lnk]
C:\PROGRA~1\SPRINT~1\MEMONI~1.EXE -m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2
"avg8wd"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-08 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BackupNoCDBurning"=
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\WINDOWS\system32\lxcgcoms.exe"="C:\WINDOWS\system32\lxcgcoms.exe:*:Enabled:2300 Series"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d1-5dc1-11da-a79d-0013d4d1db9e}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d2-5dc1-11da-a79d-0013d4d1db9e}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2379a92-6bdc-11da-a7a6-00038a000015}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe


======List of files/folders created in the last 1 months======

2008-12-14 13:45:20 ----SHD---- C:\RECYCLER
2008-12-14 13:38:27 ----A---- C:\ComboFix.txt
2008-12-11 15:00:24 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-11 15:00:24 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-11 15:00:24 ----A---- C:\WINDOWS\system32\java.exe
2008-12-09 23:48:39 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-09 23:16:36 ----A---- C:\WINDOWS\msoffice.ini
2008-12-09 22:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 22:56:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 22:56:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 22:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 22:47:38 ----D---- C:\WINDOWS\temp
2008-12-09 22:24:02 ----A---- C:\WINDOWS\zip.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\VFIND.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\SWSC.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\SWREG.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\sed.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\grep.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\fdsv.exe
2008-12-09 22:23:47 ----D---- C:\WINDOWS\ERDNT
2008-12-09 22:23:47 ----D---- C:\Qoobox
2008-12-09 15:57:33 ----RASHD---- C:\autorun.inf
2008-12-04 13:29:45 ----D---- C:\rsit
2008-12-03 16:23:38 ----D---- C:\Program Files\Trend Micro
2008-12-03 12:18:42 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AVGTOOLBAR
2008-12-03 12:16:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-03 12:05:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-02 15:13:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 15:13:32 ----D---- C:\Program Files\Spyware Doctor
2008-12-02 15:13:32 ----D---- C:\Documents and Settings\HP_Owner\Application Data\PC Tools
2008-12-01 15:53:40 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-12-01 15:01:12 ----D---- C:\WINDOWS\Minidump
2008-11-24 14:41:29 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

======List of files/folders modified in the last 1 months======

2008-12-14 13:43:48 ----D---- C:\WINDOWS\Prefetch
2008-12-14 13:43:39 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 13:38:30 ----D---- C:\WINDOWS\system32
2008-12-14 13:38:29 ----D---- C:\WINDOWS\system32\drivers
2008-12-14 13:38:29 ----D---- C:\WINDOWS
2008-12-14 13:35:43 ----A---- C:\WINDOWS\system.ini
2008-12-14 13:34:09 ----D---- C:\WINDOWS\system32\config
2008-12-14 13:32:59 ----D---- C:\WINDOWS\AppPatch
2008-12-14 13:32:59 ----D---- C:\Program Files\Common Files
2008-12-14 13:31:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-14 13:24:39 ----D---- C:\WINDOWS\system32\dllcache
2008-12-14 13:23:15 ----D---- C:\Program Files
2008-12-14 13:23:14 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 13:23:13 ----D---- C:\Program Files\iTunes
2008-12-11 16:54:59 ----ASH---- C:\boot.ini
2008-12-11 16:54:59 ----A---- C:\WINDOWS\win.ini
2008-12-11 15:11:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 15:00:32 ----SHD---- C:\WINDOWS\Installer
2008-12-11 15:00:10 ----D---- C:\Program Files\Java
2008-12-09 23:25:52 ----D---- C:\Program Files\Common Files\AOL
2008-12-09 23:20:37 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 23:19:28 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-09 23:18:52 ----D---- C:\Program Files\AOL
2008-12-09 23:17:01 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AOL
2008-12-09 23:14:24 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2008-12-09 23:11:23 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 23:11:08 ----D---- C:\Program Files\Quicken
2008-12-09 23:09:39 ----D---- C:\Program Files\Common Files\Apple
2008-12-09 23:08:30 ----D---- C:\Program Files\Viewpoint
2008-12-09 23:08:30 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-09 23:08:24 ----D---- C:\WINDOWS\HPCPCUninstall-9972322
2008-12-09 23:07:44 ----D---- C:\Program Files\Online Services
2008-12-09 23:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-09 23:00:22 ----D---- C:\WINDOWS\pss
2008-12-09 22:56:52 ----HD---- C:\WINDOWS\inf
2008-12-09 22:56:39 ----D---- C:\Program Files\Internet Explorer
2008-12-09 22:56:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 22:28:08 ----D---- C:\Program Files\Common
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 15:23:27 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2008-12-03 20:04:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 16:36:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-03 15:41:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 12:11:06 ----D---- C:\WINDOWS\WinSxS
2008-12-02 22:30:56 ----A---- C:\VETlog.txt
2008-12-02 21:27:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-02 15:09:54 ----D---- C:\WINDOWS\Cursors
2008-12-02 15:09:31 ----D---- C:\WINDOWS\addins
2008-11-28 12:49:51 ----A---- C:\WINDOWS\WININIT.INI
2008-11-17 23:33:56 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-15 17801]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-03 76040]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-08 1235968]
R3 BCM43XX;Dynex Wireless G Enhanced Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 923863]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-03 26824]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-08 376832]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service; C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 49152]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-11 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2008-07-07 71168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-04-15 491520]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-04 1251720]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]

-----------------EOF-----------------


Thank you.
Striefsky2
Active Member
 
Posts: 11
Joined: December 3rd, 2008, 5:27 pm

Re: Help hijackthis report included

Unread postby davis » December 15th, 2008, 7:21 am

Hi Striefsky2,


Step 1

1. Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries (if present):

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {C3F50901-871A-4650-85D8-9D53E2534A3B} - C:\Program Files\Pink Ribbon Toolbar\SearchHook.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Reboot your PC.


Step 2

Now, the AVG main instance is gone. You can use the AVG Remover utility once more to clean the leftovers if you feel comfortable.

Please go here to download the AVG Remover utility, which removes all parts of the AVG installation on your computer, including registry items, installation and user files on your disk, etc.


In your next reply, please post back:


1. RSIT log.txt and info.txt. (Before running RSIT, please delete the folder C:\rsit)

Tell me how your PC is behaving now. Thanks
davis
Regular Member
 
Posts: 910
Joined: February 3rd, 2008, 4:48 am

Re: Help hijackthis report included

Unread postby Striefsky2 » December 15th, 2008, 5:44 pm

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2008-12-15 16:42:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 154 GB (84%) free of 183 GB
Total RAM: 958 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:15 PM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
C:\Program Files\Dynex Wireless G Enhanced Adapter\WLanCfgG.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\sm56hlpr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dynex Wireless G Enhanced Adapter Service (Dynex DX-WGPDTC WLService) - Unknown owner - C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8177 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - karen.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll []
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-09-19 180269]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-01-24 544768]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-10 253952]
"DeadAIM"=C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-02-23 144896]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-11 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-06-08 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-05-03 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-05-04 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MEMonitor.lnk]
C:\PROGRA~1\SPRINT~1\MEMONI~1.EXE -m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=2
"avg8wd"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-08 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BackupNoCDBurning"=
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\WINDOWS\system32\lxcgcoms.exe"="C:\WINDOWS\system32\lxcgcoms.exe:*:Enabled:2300 Series"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d1-5dc1-11da-a79d-0013d4d1db9e}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409db6d2-5dc1-11da-a79d-0013d4d1db9e}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2379a92-6bdc-11da-a7a6-00038a000015}]
shell\AutoRun\command - J:\JDSecure\Windows\JDSecure31.exe


======List of files/folders created in the last 1 months======

2008-12-14 13:45:20 ----SHD---- C:\RECYCLER
2008-12-14 13:38:27 ----A---- C:\ComboFix.txt
2008-12-11 15:00:24 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-11 15:00:24 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-11 15:00:24 ----A---- C:\WINDOWS\system32\java.exe
2008-12-09 23:48:39 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-09 23:16:36 ----A---- C:\WINDOWS\msoffice.ini
2008-12-09 22:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 22:56:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 22:56:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 22:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 22:47:38 ----D---- C:\WINDOWS\temp
2008-12-09 22:24:02 ----A---- C:\WINDOWS\zip.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\VFIND.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\SWSC.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\SWREG.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\sed.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\grep.exe
2008-12-09 22:24:02 ----A---- C:\WINDOWS\fdsv.exe
2008-12-09 22:23:47 ----D---- C:\WINDOWS\ERDNT
2008-12-09 22:23:47 ----D---- C:\Qoobox
2008-12-09 15:57:33 ----RASHD---- C:\autorun.inf
2008-12-04 13:29:45 ----D---- C:\rsit
2008-12-03 16:23:38 ----D---- C:\Program Files\Trend Micro
2008-12-03 12:16:04 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-03 12:05:51 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-02 15:13:46 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-02 15:13:32 ----D---- C:\Program Files\Spyware Doctor
2008-12-02 15:13:32 ----D---- C:\Documents and Settings\HP_Owner\Application Data\PC Tools
2008-12-01 15:53:40 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2008-12-01 15:01:12 ----D---- C:\WINDOWS\Minidump
2008-11-24 14:41:29 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

======List of files/folders modified in the last 1 months======

2008-12-15 16:41:09 ----D---- C:\Program Files\Mozilla Firefox
2008-12-15 16:39:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-15 16:39:01 ----D---- C:\WINDOWS\system32\drivers
2008-12-15 16:39:01 ----D---- C:\WINDOWS\Prefetch
2008-12-14 13:38:30 ----D---- C:\WINDOWS\system32
2008-12-14 13:38:29 ----D---- C:\WINDOWS
2008-12-14 13:35:43 ----A---- C:\WINDOWS\system.ini
2008-12-14 13:34:09 ----D---- C:\WINDOWS\system32\config
2008-12-14 13:32:59 ----D---- C:\WINDOWS\AppPatch
2008-12-14 13:32:59 ----D---- C:\Program Files\Common Files
2008-12-14 13:24:39 ----D---- C:\WINDOWS\system32\dllcache
2008-12-14 13:23:15 ----D---- C:\Program Files
2008-12-14 13:23:14 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 13:23:13 ----D---- C:\Program Files\iTunes
2008-12-11 16:54:59 ----ASH---- C:\boot.ini
2008-12-11 16:54:59 ----A---- C:\WINDOWS\win.ini
2008-12-11 15:11:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 15:00:32 ----SHD---- C:\WINDOWS\Installer
2008-12-11 15:00:10 ----D---- C:\Program Files\Java
2008-12-09 23:25:52 ----D---- C:\Program Files\Common Files\AOL
2008-12-09 23:20:37 ----A---- C:\WINDOWS\imsins.BAK
2008-12-09 23:19:28 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-09 23:18:52 ----D---- C:\Program Files\AOL
2008-12-09 23:17:01 ----D---- C:\Documents and Settings\HP_Owner\Application Data\AOL
2008-12-09 23:14:24 ----D---- C:\Documents and Settings\All Users\Application Data\Kodak
2008-12-09 23:11:23 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 23:11:08 ----D---- C:\Program Files\Quicken
2008-12-09 23:09:39 ----D---- C:\Program Files\Common Files\Apple
2008-12-09 23:08:30 ----D---- C:\Program Files\Viewpoint
2008-12-09 23:08:30 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-09 23:08:24 ----D---- C:\WINDOWS\HPCPCUninstall-9972322
2008-12-09 23:07:44 ----D---- C:\Program Files\Online Services
2008-12-09 23:06:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-09 23:00:22 ----D---- C:\WINDOWS\pss
2008-12-09 22:56:52 ----HD---- C:\WINDOWS\inf
2008-12-09 22:56:39 ----D---- C:\Program Files\Internet Explorer
2008-12-09 22:56:23 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 22:28:08 ----D---- C:\Program Files\Common
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 15:23:27 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2008-12-03 20:04:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 16:36:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-03 15:41:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 12:11:06 ----D---- C:\WINDOWS\WinSxS
2008-12-02 22:30:56 ----A---- C:\VETlog.txt
2008-12-02 21:27:50 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-02 15:09:54 ----D---- C:\WINDOWS\Cursors
2008-12-02 15:09:31 ----D---- C:\WINDOWS\addins
2008-11-28 12:49:51 ----A---- C:\WINDOWS\WININIT.INI
2008-11-17 23:33:56 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-09-15 17801]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-08 1235968]
R3 BCM43XX;Dynex Wireless G Enhanced Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 923863]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-08-25 40840]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 sscdserd;SAMSUNG CDMA Modem Diagnostic Serial Port (WDM); C:\WINDOWS\system32\DRIVERS\sscdserd.sys [2005-08-17 73696]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-08 376832]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Dynex DX-WGPDTC WLService;Dynex Wireless G Enhanced Adapter Service; C:\Program Files\Dynex Wireless G Enhanced Adapter\WLService.exe [2004-03-29 49152]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-11 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2008-07-07 71168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-04-15 491520]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-02-04 1251720]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-15 16:42:18

======Uninstall list======

-->"C:\Program Files\mcafee.com\antivirus\uninst.exe" /PopUpMsgBox="N" /CheckMutx="N" /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AOL Deskbar-->"C:\Program Files\AOL Deskbar\UNWISE.EXE" /u "C:\Program Files\AOL Deskbar\INSTALL.LOG"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA Pest Patrol Realtime Protection-->MsiExec.exe /X{F05A5232-CE5E-4274-AB27-44EB8105898D}
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
DeadAIM-->MsiExec.exe /I{0F8F3415-CB0A-49A6-A23A-D8390444B127}
Dynex Wireless G Enhanced Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC18EE61-1445-473C-87EA-C9BD124793EF}\Setup.exe" -l0x9
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex-->MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO-->MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
JD Secure 3.1-->C:\WINDOWS\System32\JDSecure31.exe /u
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lexmark 2300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x9
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Photohands 1.0E-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{544FB392-069D-4BA5-9DC7-FFD47230AEE5}\Setup.exe"
PictureProject In Touch Downloader 1.0-->C:\Program Files\PictureProject In Touch Downloader\uninst.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VCAMCEN-->MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.7.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

=====HijackThis Backups=====

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {C3F50901-871A-4650-85D8-9D53E2534A3B} - C:\Program Files\Pink Ribbon Toolbar\SearchHook.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

======Security center information======

AV: AVG (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

My computer's running a lot better, just let me know if there's anything else I need to do, or if I can get rid of these programs or do whatever with them. Thanks
Striefsky2
Active Member
 
Posts: 11
Joined: December 3rd, 2008, 5:27 pm