3rd January 2009
[Resolved] Another Browser Hijack/ AV won't update.
Avira detects 6 items but they continue to re-appear. I have my Avira log as well if needed.
Thank you very much for your time!
I d/l'd RSIT onto a thumb drive, moved it to this comp and ran it and here are my logs:
Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-01-03 07:53:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 135 GB (74%) free of 182 GB
Total RAM : 958 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:56 AM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad -Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\HP_Administrator\Desktop\fixers\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispat...=%s&tbid=61008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=61008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61008
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=61008
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1198080380562
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/popcap/zu...ploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.webmap.niu.edu/campus/ACGM/Acgm.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: __c0038F8C - C:\WINDOWS\system32\__c0038F8C.dat (file missing)
O20 - Winlogon Notify: __c007F898 - C:\WINDOWS\system32\__c007F898.dat (file missing)
O20 - Winlogon Notify: __c008005A - C:\WINDOWS\system32\__c008005A.dat (file missing)
O20 - Winlogon Notify: __c00B5FE4 - C:\WINDOWS\system32\__c00B5FE4.dat (file missing)
O20 - Winlogon Notify: __c00D95E8 - C:\WINDOWS\system32\__c00D95E8.dat (file missing)
O20 - Winlogon Notify: __c00DEFB1 - C:\WINDOWS\system32\__c00DEFB1.dat (file missing)
O20 - Winlogon Notify: __c00E9C81 - C:\WINDOWS\system32\__c00E9C81.dat (file missing)
O23 - Service: Lavasoft Ad -Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad -Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
--
End of file - 13860 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-11-20 878352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-08-05 1190912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-11-28 32867]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-25 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-13 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-11-20 878352]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [2007-11-28 327759]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-08-05 1190912]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
""= []
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]
"regcmdcons"=c:\hp\bin\cloaker.exe [1999-11-07 27136]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-12-15 49152]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2007-10-30 1095256]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-06-05 1572608]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-17 180269]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-07 68856]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
Grxp4exe.exe /init []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE [2005-02-02 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-07 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-17 180269]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-12-15 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2006-08-17 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
C:\PROGRA~1\ILIUMS~1\ListPro\LISTPR~1.EXE [2004-01-26 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2
"usnjsvc"=3
"UPS "=3
"TapiSrv"=2
"mnmsrvc"=3
"gusvc"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0038F8C]
C:\WINDOWS\system32\__c0038F8C.dat []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007F898]
C:\WINDOWS\system32\__c007F898.dat []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008005A]
C:\WINDOWS\system32\__c008005A.dat []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00B5FE4]
C:\WINDOWS\system32\__c00B5FE4.dat []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00D95E8]
C:\WINDOWS\system32\__c00D95E8.dat []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00DEFB1]
C:\WINDOWS\system32\__c00DEFB1.dat []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00E9C81]
C:\WINDOWS\system32\__c00E9C81.dat []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe"="C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
======List of files/folders created in the last 3 months======
2009-01-03 07:53:52 ----D---- C:\rsit
2008-12-20 14:10:09 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-20 11:29:28 ----D---- C:\Program Files\Avira
2008-12-20 11:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-20 11:20:29 ----D---- C:\Program Files\GiPo@Utilities
2008-12-20 11:20:29 ----D---- C:\Program Files\Common Files\Gibinsoft Shared
2008-12-20 11:19:57 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-20 11:06:18 ----D---- C:\Program Files\Trend Micro
2008-12-20 09:43:38 ----D---- C:\hosts
2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\java.exe
2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-12 06:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 06:23:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 06:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 06:23:00 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 06:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 06:14:42 ----SHD---- C:\Config.Msi
2008-12-10 18:50:09 ----D---- C:\Program Files\HijackThis
2008-12-08 21:28:05 ----D---- C:\Program Files\Crawler
2008-12-08 20:19:30 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-08 20:19:20 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-08 20:19:12 ----D---- C:\Program Files\AVG
2008-12-08 20:19:12 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-08 20:15:55 ----D---- C:\Program Files\CCleaner
2008-12-07 21:11:33 ----D---- C:\mekmakerdev24
2008-12-07 21:10:11 ----D---- C:\MekHangarPreview004
2008-12-07 21:04:59 ----D---- C:\megamekdevsvn20081116
2008-12-05 19:52:30 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-11-29 17:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-11-29 17:55:45 ----D---- C:\Program Files\Yahoo! Games
2008-11-12 08:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 08:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 08:49:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-25 08:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 15:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 15:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 15:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 15:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 15:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-06 21:11:58 ----D---- C:\Program Files\Instant CD & DVD Burner
2008-10-06 20:57:46 ----D---- C:\Program Files\QuickMediaConverter
2008-10-06 20:56:52 ----D---- C:\Install
2008-10-06 20:38:44 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Any Video Converter
2008-10-06 20:20:08 ----A---- C:\WINDOWS\Easy Video to DVD.INI
2008-10-06 19:55:50 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2008-10-06 19:55:50 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2008-10-06 19:55:50 ----A---- C:\WINDOWS\system32\inetfr.DLL
2008-10-06 19:55:49 ----A---- C:\WINDOWS\system32\mfc71d.dll
2008-10-06 19:55:49 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2008-10-06 19:55:48 ----D---- C:\Program Files\Videos To DVD
2008-10-06 19:55:48 ----A---- C:\WINDOWS\system32\msvcr71d.dll
2008-10-06 17:08:04 ----D---- C:\Program Files\Photo Story 3 for Windows
======List of files/folders modified in the last 3 months======
2009-01-03 07:49:12 ----AD---- C:\WINDOWS
2009-01-03 07:48:55 ----D---- C:\WINDOWS\Temp
2009-01-03 07:46:10 ----D---- C:\Program Files
2009-01-03 07:45:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-03 07:44:35 ----D---- C:\WINDOWS\system32\drivers
2009-01-03 07:39:12 ----D---- C:\Program Files\Mozilla Firefox
2009-01-02 09:08:24 ----D---- C:\WINDOWS\Prefetch
2008-12-22 16:25:39 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-22 15:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-22 15:56:39 ----D---- C:\Program Files\Google
2008-12-20 11:25:31 ----D---- C:\WINDOWS\system32
2008-12-20 11:20:30 ----SHD---- C:\WINDOWS\Installer
2008-12-20 11:20:29 ----D---- C:\Program Files\Common Files
2008-12-20 09:32:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 08:43:11 ----HD---- C:\WINDOWS\inf
2008-12-18 08:42:55 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 08:41:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 10:52:22 ----D---- C:\Program Files\Java
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 07:00:17 ----D---- C:\Program Files\Internet Explorer
2008-12-12 06:27:56 ----A---- C:\WINDOWS\win.ini
2008-12-12 06:24:48 ----D---- C:\WINDOWS\Debug
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 21:32:11 ----A---- C:\WINDOWS\system32\dwwin.exe
2008-12-08 20:24:02 ----D---- C:\Sharks Folder
2008-12-08 20:07:25 ----RASH---- C:\boot.ini
2008-12-08 20:07:25 ----A---- C:\WINDOWS\system.ini
2008-12-07 09:49:04 ----D---- C:\WINDOWS\system32\Lang
2008-12-05 19:52:55 ----D---- C:\Program Files\AIM6
2008-12-05 19:52:32 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-05 19:52:04 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-05 19:51:31 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-11-30 12:47:27 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-30 12:47:26 ----A---- C:\WINDOWS\system32\winlogon.exe
2008-11-12 09:35:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-12 08:48:22 ----D---- C:\WINDOWS\WinSxS
2008-11-06 14:31:40 ----D---- C:\WINDOWS\Help
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-19 14:29:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-16 17:47:30 ----D---- C:\Program Files\The Drawing Board
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 07:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 15:15:12 ----D---- C:\WINDOWS\ie7updates
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 01:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-10-06 20:30:45 ----D---- C:\temp
2008-10-06 17:08:41 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-10-06 17:08:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-08 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-08 26824]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kid_sys;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\drivers\KID_SYS.sys [2001-09-26 11920]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 imhidusb;Immersion's HID USB Driver; C:\WINDOWS\system32\drivers\imhidusb.sys [2002-02-14 30920]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 ntxpusb;Gravis USB device driver; C:\WINDOWS\system32\drivers\ntxpusb.sys [2002-02-26 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver; \??\C:\PCDR5\PCD5SRVC.pkms []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-25 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-06-05 507648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-13 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 138168]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
-----------------EOF-----------------
Last edited by Sharkapult; 3rd January 2009 at 14:41.
Reason: added "d/l'd RSIT to a thumb drive" fact
3rd January 2009
#2
Member
Profile:
Join Date: Dec 2008
Posts: 14
Computer Experience: Intermediate
info.txt logfile of random's system information tool 1.05 2009-01-03 07:53:59
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alien Outbreak 2-->"C:\Program Files\HP Games\Alien Outbreak 2\Uninstall.exe"
Ancient Sudoku-->"C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe"
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bejeweled 2 Deluxe-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
Big Kahuna Reef-->"C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe"
Black and White-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Blackhawk Striker 2-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Remix-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
Bookworm Deluxe-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
Bounce Symphony-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 User Registration-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chuzzle Deluxe-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
Civil War Generals II-->C:\WINDOWS\IsUninst.exe -f"C:\Impressions Games\CWG2\Uninst.isu"
Civilization III-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Comcast Toolbar-->C:\Program Files\ComcastToolbar\uninstall.exe
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Desktop Doctor-->"C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor?"
Digital Voice Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B478ACE-8512-4A46-ACB2-69D83DF2F6C7}\setup.exe" -l0x9 -remove
Diner Dash-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Fairies-->"C:\Program Files\HP Games\Fairies\Uninstall.exe"
Family Feud-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
FATE-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
Flip Words-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
Galactic Civilizations Ultimate Edition-->C:\PROGRA~1\Stardock\TOTALG~1\GALCIV~1\UNWISE.EXE C:\PROGRA~1\Stardock\TOTALG~1\GALCIV~1\INSTALL.LOG
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
GiPo@FileUtilities 3.2-->MsiExec.exe /I{E2B64929-B616-4235-B10E-D26D686296F9}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Gravis Xperience 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13599F5D-20A2-449A-BA81-A7D8B98A8DF1}\Setup.exe" -u
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis / CWShredder Installer 1.0-->"C:\Program Files\HijackThis\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console-->"C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Games 3.43.97-->"C:\Program Files\DISC\uninstall.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
IGN Download Manager 2.3.2-->C:\Program Files\IGN\Download Manager\uninst.exe
Insaniquarium Deluxe-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
iPAQ WebReg-->MsiExec.exe /I{D37C6152-89DF-4D29-83CF-666200D5F398}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jewel Quest-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
ListPro-->C:\PROGRA~1\ILIUMS~1\ListPro\UNWISE.EXE C:\PROGRA~1\ILIUMS~1\ListPro\INSTALL.LOG
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LJ Comment Stats Wizard 1.7-->"C:\Program Files\LJ Comment Stats Wizard\unins000.exe"
Mah Jong Quest-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
Medieval - Total War - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A10F7877-4276-416C-9F22-CB56C0CB2700}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync 3.7-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook 2002-->MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
Mystery Case Files-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OpenOffice.org 2.1-->MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Pike & Musket TW - Music pack01-->C:\Program Files\The Creative Assembly\MTW archive\Medieval - Total War - Gold Edition\Uninstal.exe
Pike and Musket TW 1.5-->C:\Program Files\The Creative Assembly\MTW archive\Medieval - Total War - Gold Edition\Uninstal.exe
Poker Superstars-->"C:\Program Files\HP Games\Poker Superstars\Uninstall.exe"
Polar Bowler-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Ricochet Lost Worlds-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
Rome - Total War - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
SCRABBLE-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Slingo Deluxe-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
Snowy The Bears Adventure-->"C:\Program Files\HP Games\Snowy The Bears Adventure\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Super Granny-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tennis Titans-->"C:\Program Files\HP Games\Tennis Titans\Uninstall.exe"
The Drawing Board v2 Beta-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\The Drawing Board\ST6UNST.000"
The Drawing Board-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\The Drawing Board\ST6UNST.LOG"
The New Shadow Patch 2.1-->C:\Program Files\MyProduct\Uninstal.exe
The New Shadow Patch 2.2-->C:\Program Files\MyProduct\Uninstal.exe
Tornado Jockey-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
Tradewinds-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
Wal-Mart Digital Photo Manager-->MsiExec.exe /X{41FE2866-7D7D-4EDF-9C7A-F1F6A346BA83}
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
wolfman-MC2X-->C:\Wolfman-MC2X\Uninstall wolfman-MC2X.exe
WorldMate for PocketPC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,Launch Setup "C:\Program Files\InstallShield Installation Information\{86BF2E8C-959A-4D19-A248-A8A01AB4090D}\Setup.exe" -l0x9
X2 - The Threat-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6199025-CBF8-4ACB-BEE9-D14EC1CCD731}\setup.exe" -l0x9 -uninst
X² All In One Bonus Package 1.04-->"C:\Program Files\Enlight\X2 - The Threat\unins000.exe"
X2 Sector Planner-->MsiExec.exe /I{CCCD0C60-DABA-4DAC-AC71-DF92BDB322E1}
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma (remove only)-->"C:\Program Files\Yahoo! Games\Zuma\Uninstall.exe"
Hosts File Missing
======Security center information======
AV: AVG Anti-Virus (disabled) (outdated)
AV: Avira AntiVir PersonalEdition
FW: Norton Internet Worm Protection (disabled)
FW: COMODO Firewall Pro
System event log
Computer Name: TAMINAROSE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 54610
Source Name: Service Control Manager
Time Written: 20081208213326.000000-360
Event Type: error
User:
Computer Name: TAMINAROSE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 54609
Source Name: Service Control Manager
Time Written: 20081208213325.000000-360
Event Type: error
User:
Computer Name: TAMINAROSE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 54608
Source Name: Service Control Manager
Time Written: 20081208213325.000000-360
Event Type: error
User:
Computer Name: TAMINAROSE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 54607
Source Name: Service Control Manager
Time Written: 20081208213325.000000-360
Event Type: error
User:
Computer Name: TAMINAROSE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 54606
Source Name: Service Control Manager
Time Written: 20081208213324.000000-360
Event Type: error
User:
Application event log
Computer Name: TAMINAROSE
Event Code: 1800
Message: The Windows Security Center Service has started.
Record Number: 12188
Source Name: SecurityCenter
Time Written: 20080906101633.000000-300
Event Type: information
User:
Computer Name: TAMINAROSE
Event Code: 4
Message: The LightScribe Service started successfully.
Record Number: 12187
Source Name: LightScribeService
Time Written: 20080906101632.000000-300
Event Type: information
User:
Computer Name: TAMINAROSE
Event Code: 101
Message: Information Level: success
Rolling back the schedule; execution will occur at approximately 10:21 AM.
Record Number: 12186
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080906101628.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: TAMINAROSE
Event Code: 101
Message: Information Level: success
Service started.
Record Number: 12185
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080906101628.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: TAMINAROSE
Event Code: 105
Message: The service was started.
Record Number: 12184
Source Name: ARSVC
Time Written: 20080906101628.000000-300
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
-----------------EOF-----------------
4th January 2009
#3
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,496
Computer Experience: Somedays it's like Taz
Hi Sharkapult
Welcome to WindowsBBS.
You are kind of loaded down with toolbars; I would remove any that you don't use.
Now please do this.
Download ComboFix from Here to your Desktop.
It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.
Close all open programs and windows.
Double click combofix.exe and follow the prompts.
Vista users right click Combofix.exe and select Run As Administrator.
When finished, it shall produce a log for you. Post the ComboFix log.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**NOTE - Allow ComboFix to update if prompted.
Thanks
Geri
4th January 2009
#4
Member
Profile:
Join Date: Dec 2008
Posts: 14
Computer Experience: Intermediate
This computer won't connect to that download link, like most other links having to do with antivirus software. I have access to another computer Monday and will be able to post the results from that scan Monday Night.
I'll try to convince my fiance to let me remove some of the toolbars.
Thank you again for your time and effort!
6th January 2009
#5
Member
Profile:
Join Date: Dec 2008
Posts: 14
Computer Experience: Intermediate
Thank you again for your time, expertise, and patience!
Combofix says I still have AVG on my computer when I uninstalled it a while ago and it is no longer in my uninstall list. I realize all the problems w/ multiple AV programs running at the same time.
Here is the ComboFix Log:
ComboFix 08-12-29.02 - HP_Administrator 2009-01-05 18:05:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.471 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\install\install.exe
C:\xcrashdump.dat
D:\Autorun.inf
c:\windows\system32\winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.
2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 06:23 . 2008-12-12 06:32 1,393 --a------ c:\windows\imsins.BAK
2008-12-08 21:28 . 2008-12-08 21:28 <DIR> d-------- c:\program files\Crawler
2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\program files\AVG
2008-12-08 20:19 . 2008-12-08 20:27 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-08 20:19 . 2008-12-20 09:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-08 20:19 . 2008-12-08 20:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-08 20:19 . 2008-12-08 20:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-08 20:15 . 2008-12-08 20:24 <DIR> d-------- c:\program files\CCleaner
2008-12-07 21:11 . 2008-12-07 21:11 <DIR> d-------- C:\mekmakerdev24
2008-12-07 21:10 . 2008-12-07 21:10 <DIR> d-------- C:\MekHangarPreview004
2008-12-07 21:04 . 2008-12-07 21:08 <DIR> d-------- C:\megamekdevsvn20081116
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-22 21:56 --------- d-----w c:\program files\Google
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-29 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= ffdshow.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-07 11:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv"=2 (0x2)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-08 97928]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PCDrProfiler - (no file)
Notify-__c0038F8C - c:\windows\system32\__c0038F8C.dat
Notify-__c007F898 - c:\windows\system32\__c007F898.dat
Notify-__c008005A - c:\windows\system32\__c008005A.dat
Notify-__c00B5FE4 - c:\windows\system32\__c00B5FE4.dat
Notify-__c00D95E8 - c:\windows\system32\__c00D95E8.dat
Notify-__c00DEFB1 - c:\windows\system32\__c00DEFB1.dat
Notify-__c00E9C81 - c:\windows\system32\__c00E9C81.dat
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js : browser.startup.homepage - www.google.com
FF - prefs.js : network.proxy.type - 4
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 18:14:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath"="\??\c:\pcdr5\PCD5SRVC.pkms"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exeQ
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\DISC\DiscStreamHub.exe
.
**************************************************************************
.
Completion time: 2009-01-05 18:18:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-06 00:17:59
Pre-Run: 141,729,157,120 bytes free
Post-Run: 142,025,981,952 bytes free
273 --- E O F --- 2008-12-18 14:43:13
6th January 2009
#6
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,496
Computer Experience: Somedays it's like Taz
Hi
OK you need to run Combofix again.
Please do so following these directions.
Press Ctrl+Alt+Del twice at the welcome screen, then type Administrator for the username, enter the password (just press Enter if no password), then run ComboFix from that account.
Note - You will have to log on to the Administrator account again after reboot so that CF can complete.
Please post the log you get.
Thanks
Geri
7th January 2009
#7
Member
Profile:
Join Date: Dec 2008
Posts: 14
Computer Experience: Intermediate
Hi again,
This computer (running Windows XP) has only one account and it has administrator privileges. I press ctrl+alt+del twice at the windows welcome screen and it only shows the one account available.
There is nowhere for me to type administrator.
When I run combofix again it does not ask me to re-boot.
My google links appear to be working fine in IE and Firefox. I can also go to common AV websites. Here is the new Combofix log in case you need it.
Should I run a Kaspersky scan next?
What else should I do?
Thank you again for your patience and expertise.
ComboFix 08-12-29.02 - HP_Administrator 2009-01-06 19:34:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.550 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.
2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 06:23 . 2008-12-12 06:32 1,393 --a------ c:\windows\imsins.BAK
2008-12-08 21:28 . 2008-12-08 21:28 <DIR> d-------- c:\program files\Crawler
2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\program files\AVG
2008-12-08 20:19 . 2008-12-08 20:27 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-08 20:19 . 2008-12-20 09:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-08 20:19 . 2008-12-08 20:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-08 20:19 . 2008-12-08 20:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-08 20:15 . 2008-12-08 20:24 <DIR> d-------- c:\program files\CCleaner
2008-12-07 21:11 . 2008-12-07 21:11 <DIR> d-------- C:\mekmakerdev24
2008-12-07 21:10 . 2008-12-07 21:10 <DIR> d-------- C:\MekHangarPreview004
2008-12-07 21:04 . 2008-12-07 21:08 <DIR> d-------- C:\megamekdevsvn20081116
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-22 21:56 --------- d-----w c:\program files\Google
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-29 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-07 01:31:38 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
+ 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
- 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2009-01-07 01:31:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_73c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
"mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= ffdshow.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-07 11:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv"=2 (0x2)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-08 97928]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js : browser.startup.homepage - www.google.com
FF - prefs.js : network.proxy.type - 4
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 19:35:36
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath"="\??\c:\pcdr5\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\guard32.dll
.
Completion time: 2009-01-06 19:36:48
ComboFix-quarantined-files.txt 2009-01-07 01:36:46
ComboFix2.txt 2009-01-06 00:23:33
ComboFix3.txt 2009-01-06 00:18:09
Pre-Run: 141,941,665,792 bytes free
Post-Run: 141,882,601,472 bytes free
263 --- E O F --- 2008-12-18 14:43:13
7th January 2009
#8
Staff
Profile:
Join Date: Mar 2003
Location: Washington State
Posts: 4,496
Computer Experience: Somedays it's like Taz
Hi
Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan" box on the top of the page: one at a time
c:\documents and settings\HP_Administrator\nah_vnxr.exe
Click on the submit button
Please post the results in your next reply.
Do you know what these are?
C:\mekmakerdev24
C:\MekHangarPreview004
C:\megamekdevsvn20081116
Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:
Filename: CFScript.txt
Save As Type: All Files (*.*)
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.
Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
Code:
File::
c:\windows\imsins.BAK
c:\windows\system32\drivers\Avg
c:\windows\system32\drivers\avgldx86.sys
c:\windows\system32\avgrsstx.dll
Folder::
c:\program files\AVG
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\All Users\Application Data\Trymedia
Driver::
AvgLdx86
avg8wd
Please post the results from Jotti, let me know about those folders and post the new Combofix log.
Thanks
7th January 2009
#9
Member
Profile:
Join Date: Dec 2008
Posts: 14
Computer Experience: Intermediate
Hello,
These three programs:
C:\mekmakerdev24
C:\MekHangarPreview004
C:\megamekdevsvn20081116
are all related to an online Java-based BattleTech game I sometimes play. The first two are useless (downloaded from sourceforge.net) and I just have not deleted them yet and I have no attachment to them. The third is a version of the game.
First the Jotti Log:
File: nah_vnxr.exe
Status: INFECTED/MALWARE
MD5: 1764fb0a53e21a75d60d73a855eea1db
Packers detected: -
Scanner results
Scan taken on 07 Jan 2009 12:10:11 (GMT)
A-Squared: Found Trojan.Generic!IK
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found Trojan.Generic.1245657
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
G DATA: Found Trojan.Generic.1245657
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found Trj/Agent.LEM
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found Malware-Cryptor.Win32.General.4 (probable variant)
Combofix Log:
ComboFix 08-12-29.02 - HP_Administrator 2009-01-07 6:24:33.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.567 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -
FILE ::
c:\windows\imsins.BAK
c:\windows\system32\avgrsstx.dll
c:\windows\system32\drivers\Avg
c:\windows\system32\drivers\avgldx86.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\All Users\Application Data\avg8\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg8\dumps\avgwdsvc.exe_128732628823437500.dmp
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avguilog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avildr.log
c:\documents and settings\All Users\Application Data\avg8\Log\cfglog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\corelog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
c:\documents and settings\All Users\Application Data\avg8\Log\lnglog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\privlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\publog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\rslog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\scanlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\schedlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\srmlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\updlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\vaultlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\wdlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\wdsvclog.cfg
c:\documents and settings\All Users\Application Data\avg8\Lsdb\cf .dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\ph.dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\sb.dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\sb.dat.xcd
c:\documents and settings\All Users\Application Data\avg8\Lsdb\sb2.dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\sc.dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\sc.dat.xcd
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000005.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000006.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\Trymedia
c:\documents and settings\All Users\Application Data\Trymedia\data\{A1C86C9F-DF01-A326-595A-1EE76EA95EF5}
c:\documents and settings\All Users\Application Data\Trymedia\data\{AA7362A4-9510-8D7F-39A8-621528A6AC05}
c:\documents and settings\All Users\Application Data\Trymedia\data\{BEB31D66-6091-E439-DCF9-CEF50F2AC771}
c:\documents and settings\All Users\Application Data\Trymedia\data\{D82B3C88-31B2-AE5F-9471-4576A2BBC7CF}
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avglinks.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avglogo.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avgstatus.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avgstatus_error.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avgtoolbartb0502.cfg
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\brandlogo.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\COMBOSEARCH.acs
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\p_yahoo.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesearch.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesearch_off.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesearch_on.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesurf.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesurf_off.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesurf_on.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\slider.bmp
c:\program files\AVG
c:\program files\AVG\AVG8\aAvgApi.exe
c:\program files\AVG\AVG8\avg.snu
c:\program files\AVG\AVG8\avg404.txt
c:\program files\AVG\AVG8\avg7api.dll
c:\program files\AVG\AVG8\avg8us.lng
c:\program files\AVG\AVG8\avgabout.dll
c:\program files\AVG\AVG8\avgapix.dll
c:\program files\AVG\AVG8\avgbat.bav
c:\program files\AVG\AVG8\avgcfgex.exe
c:\program files\AVG\AVG8\avgcfgx.dll
c:\program files\AVG\AVG8\avgcmgr.exe
c:\program files\AVG\AVG8\avgcorex.dll
c:\program files\AVG\AVG8\avgcrlpx.dll
c:\program files\AVG\AVG8\avgdumpx.exe
c:\program files\AVG\AVG8\avgf8us.chm
c:\program files\AVG\AVG8\avgfrw.exe
c:\program files\AVG\AVG8\avginet.dll
c:\program files\AVG\AVG8\avgiproxy.exe
c:\program files\AVG\AVG8\avglngx.dll
c:\program files\AVG\AVG8\avglogx.dll
c:\program files\AVG\AVG8\avgmail.dll
c:\program files\AVG\AVG8\avgmvflx.dll
c:\program files\AVG\AVG8\avgmwdef_us.mht
c:\program files\AVG\AVG8\avgoff2k.dll
c:\program files\AVG\AVG8\avgpp.dll
c:\program files\AVG\AVG8\avgresf.dll
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgscanx.dll
c:\program files\AVG\AVG8\avgscanx.exe
c:\program files\AVG\AVG8\avgsched.dll
c:\program files\AVG\AVG8\avgse.dll
c:\program files\AVG\AVG8\avgsrmax.exe
c:\program files\AVG\AVG8\avgsrmx.dll
c:\program files\AVG\AVG8\avgssie.dll
c:\program files\AVG\AVG8\avgtbapi.dll
c:\program files\AVG\AVG8\avgtoolbar.dll
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\AVG\AVG8\avgui.exe
c:\program files\AVG\AVG8\avguiadv.dll
c:\program files\AVG\AVG8\avguires.dll
c:\program files\AVG\AVG8\avgupd.dll
c:\program files\AVG\AVG8\avgupd.exe
c:\program files\AVG\AVG8\avgvvx.dll
c:\program files\AVG\AVG8\avgwd.dll
c:\program files\AVG\AVG8\avgwdsvc.exe
c:\program files\AVG\AVG8\avgwdwsc.dll
c:\program files\AVG\AVG8\avgxch32.dll
c:\program files\AVG\AVG8\avgxpl.dll
c:\program files\AVG\AVG8\cfg\mail.cfg
c:\program files\AVG\AVG8\contacts_us.html
c:\program files\AVG\AVG8\dbghelp.dll
c:\program files\AVG\AVG8\dfncfg.dat
c:\program files\AVG\AVG8\fixcfg.exe
c:\program files\AVG\AVG8\Icons\background_middle_gray.gif
c:\program files\AVG\AVG8\Icons\background_middle_green.gif
c:\program files\AVG\AVG8\Icons\background_middle_orange.gif
c:\program files\AVG\AVG8\Icons\background_middle_red.gif
c:\program files\AVG\AVG8\Icons\background_middle_yellow.gif
c:\program files\AVG\AVG8\Icons\background_top_gray.gif
c:\program files\AVG\AVG8\Icons\background_top_green.gif
c:\program files\AVG\AVG8\Icons\background_top_orange.gif
c:\program files\AVG\AVG8\Icons\background_top_red.gif
c:\program files\AVG\AVG8\Icons\background_top_yellow.gif
c:\program files\AVG\AVG8\Icons\block-doc.gif
c:\program files\AVG\AVG8\Icons\blocked.gif
c:\program files\AVG\AVG8\Icons\border_bottom_gray.gif
c:\program files\AVG\AVG8\Icons\border_bottom_green.gif
c:\program files\AVG\AVG8\Icons\border_bottom_orange.gif
c:\program files\AVG\AVG8\Icons\border_bottom_red.gif
c:\program files\AVG\AVG8\Icons\border_bottom_yellow.gif
c:\program files\AVG\AVG8\Icons\border_top_gray.gif
c:\program files\AVG\AVG8\Icons\border_top_green.gif
c:\program files\AVG\AVG8\Icons\border_top_orange.gif
c:\program files\AVG\AVG8\Icons\border_top_red.gif
c:\program files\AVG\AVG8\Icons\border_top_yellow.gif
c:\program files\AVG\AVG8\Icons\box_bottom_red.gif
c:\program files\AVG\AVG8\Icons\box_top_red.gif
c:\program files\AVG\AVG8\Icons\caution.gif
c:\program files\AVG\AVG8\Icons\click_here_gray.gif
c:\program files\AVG\AVG8\Icons\click_here_green.gif
c:\program files\AVG\AVG8\Icons\click_here_orange.gif
c:\program files\AVG\AVG8\Icons\click_here_red.gif
c:\program files\AVG\AVG8\Icons\click_here_yellow.gif
c:\program files\AVG\AVG8\Icons\clock.gif
c:\program files\AVG\AVG8\Icons\close.gif
c:\program files\AVG\AVG8\Icons\icons_blocked.gif
c:\program files\AVG\AVG8\Icons\icons_caution.gif
c:\program files\AVG\AVG8\Icons\icons_close.gif
c:\program files\AVG\AVG8\Icons\icons_safe.gif
c:\program files\AVG\AVG8\Icons\icons_unknown.gif
c:\program files\AVG\AVG8\Icons\icons_warning.gif
c:\program files\AVG\AVG8\Icons\LS_Logo_Results.gif
c:\program files\AVG\AVG8\Icons\safe.gif
c:\program files\AVG\AVG8\Icons\unknown.gif
c:\program files\AVG\AVG8\Icons\warning.gif
c:\program files\AVG\AVG8\license_us.txt
c:\program files\AVG\AVG8\log\history.xml
c:\program files\AVG\AVG8\setup.cfg
c:\program files\AVG\AVG8\setup.dat
c:\program files\AVG\AVG8\setup.exe
c:\program files\AVG\AVG8\setupus.lns
c:\program files\AVG\AVG8\ToolbarIEcache\avglinks.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avglogo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgstatus.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgstatus_error.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgtoolbartb0502.cfg
c:\program files\AVG\AVG8\ToolbarIEcache\brandlogo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\p_yahoo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch_off.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch_on.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf_off.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf_on.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\slider.bmp
c:\program files\AVG\AVG8\updatecomps.cfg
c:\windows\imsins.BAK
c:\windows\system32\avgrsstx.dll
c:\windows\system32\drivers\avgldx86.sys
.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.
2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-08 20:15 . 2008-12-08 20:24 <DIR> d-------- c:\program files\CCleaner
2008-12-07 21:11 . 2008-12-07 21:11 <DIR> d-------- C:\mekmakerdev24
2008-12-07 21:10 . 2008-12-07 21:10 <DIR> d-------- C:\MekHangarPreview004
2008-12-07 21:04 . 2008-12-07 21:08 <DIR> d-------- C:\megamekdevsvn20081116
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 01:50 --------- d-----w c:\program files\Google
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dwwin.exe
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dllcache\dwwin.exe
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-30 18:47 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-07 01:31:38 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-07 01:31:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_73c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= ffdshow.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv"=2 (0x2)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js : browser.startup.homepage - www.google.com
FF - prefs.js : network.proxy.type - 4
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 06:24:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath"="\??\c:\pcdr5\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\guard32.dll
.
Completion time: 2009-01-07 6:25:26
ComboFix-quarantined-files.txt 2009-01-07 12:25:24
ComboFix2.txt 2009-01-07 12:20:27
ComboFix3.txt 2009-01-07 01:36:49
ComboFix4.txt 2009-01-06 00:23:33
ComboFix5.txt 2009-01-07 12:24:16
Pre-Run: 141,977,038,848 bytes free
Post-Run: 141,912,485,888 bytes free
477 --- E O F --- 2008-12-18 14:43:13
8th January 2009
#10
Staff
Join Date: Mar 2003
Location: Washington State
Posts: 4,496
Computer Experience: Somedays it's like Taz
Hi
OK please delete the CFScript you have.
Now do this.
Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;
Filename: CFScript.txt
Save As Type: All Files (*.*)
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.
Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
Code:
http ://www.windowsbbs.com/malware-virus-removal/80128-active-another-browser-hijack-av-wont-update.html
Suspect::[22]
c:\documents and settings\HP_Administrator\nah_log.dat
c:\documents and settings\HP_Administrator\nah_vnxr.exe
Folder::
C:\mekmakerdev24
C:\MekHangarPreview004
c:\windows\system32\drivers\Avg
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.
A browser will open.
Simply follow the instructions to copy/paste/send the requested file.
Please post the combofix log.
Thanks!
Geri
10th January 2009
#11
Member
Join Date: Dec 2008
Posts: 14
Computer Experience: Intermediate
Sorry it took me a while, but here goes.
Thanks again!
ComboFix 08-12-29.02 - HP_Administrator 2009-01-09 21:17:58.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.608 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\MekHangarPreview004
c:\mekhangarpreview004\MekHangar-Preview-004\build.xml
c:\mekhangarpreview004\MekHangar-Preview-004\data\conversion\mtf.txt
c:\mekhangarpreview004\MekHangar-Preview-004\data\images\Add24.png
c:\mekhangarpreview004\MekHangar-Preview-004\data\images\Play24.gif
c:\mekhangarpreview004\MekHangar-Preview-004\data\images\Remove24.png
c:\mekhangarpreview004\MekHangar-Preview-004\data\rules\equipment.xml
c:\mekhangarpreview004\MekHangar-Preview-004\data\rules\mech_tables.xml
c:\mekhangarpreview004\MekHangar-Preview-004\lib\MegaMek.jar
c:\mekhangarpreview004\MekHangar-Preview-004\lib\TinyXML.jar
c:\mekhangarpreview004\MekHangar-Preview-004\license.txt
c:\mekhangarpreview004\MekHangar-Preview-004\MekHangar-MM.jar
c:\mekhangarpreview004\MekHangar-Preview-004\MekHangar.jar
c:\mekhangarpreview004\MekHangar-Preview-004\readme.txt
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\Equipment.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\exception\InsufficientCriticalException.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\CustomComboBox.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentChoicePanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentEditorPanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentInfoPanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentItemPanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\IntegerButton.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\IntegerLabel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\MechDesigner.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\MechDesignerFrame.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\AbstractIntegerModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\ArmorTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\ChassisTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\CockpitTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\EngineTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\EquipmentChoiceModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\GyroTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\HeatSinkTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\IntegerModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\InternalTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\LocationArmorModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\MyomerTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\SlotAreaModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\TechBaseModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\TechLevelModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\TonnageModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\MovementLabel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\SelectionListener.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\SlotAreaPanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\TonnageUsageLabel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\MechDesign.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\MechDesignListener.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\SlotArea.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\AbstractStringModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\AmmoModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\EntityFileEditor.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\gui\EntityFileEditorFrame.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\gui\LocationStatusPanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\gui\MechEditorDialog.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\LocationModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\MechEditor.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\PilotModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\rules\EquipmentData.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\rules\EquipmentList.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\rules\MechTables.java
C:\mekmakerdev24
c:\mekmakerdev24\mekmaker-dev-24\lib\swing-layout-1.0.jar
c:\mekmakerdev24\mekmaker-dev-24\MekMaker.jar
c:\mekmakerdev24\mekmaker-dev-24\README.TXT
c:\mekmakerdev24\mekmaker-dev-24\source\build.xml
c:\mekmakerdev24\mekmaker-dev-24\source\license.txt
c:\mekmakerdev24\mekmaker-dev-24\source\manifest.mf
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\dir-prop-base
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\dir-props
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\build-impl.xml.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\genfiles.properties.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\project.properties.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\project.xml.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\build-impl.xml.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\genfiles.properties.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\project.properties.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\project.xml.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\build-impl.xml
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\genfiles.properties
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\private\private.properties
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\private\private.xml
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\project.properties
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\project.properties~
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\project.xml
c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractComponent.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractDesigner.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractDesignerJPanel.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractDesignerTreeNode.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractIntegerValueLookup.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\CockpitTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\DesignerMainTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\EngineTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\EventHandler.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\GenericSetGetInterface.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\GyroTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\InternalStructureTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\MainWindowManager.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\MotiveTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\TableRowSelectionListener.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\TechnologyBases.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractComponent.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractDesigner.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractDesignerJPanel.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractDesignerTreeNode.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractIntegerValueLookup.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\CockpitTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\DesignerMainTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\EngineTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\EventHandler.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\GenericSetGetInterface.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\GyroTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\InternalStructureTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\MainWindowManager.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\MotiveTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\TableRowSelectionListener.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\TechnologyBases.java.svn-work
c:\windows\system32\drivers\Avg
c:\windows\system32\drivers\Avg\avi7.avg
c:\windows\system32\drivers\Avg\incavi.avm
c:\windows\system32\drivers\Avg\microavi.avg
c:\windows\system32\drivers\Avg\miniavi.avg
.
((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.
2009-01-09 12:43 . 2009-01-09 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 01:50 --------- d-----w c:\program files\Google
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dwwin.exe
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dllcache\dwwin.exe
2008-12-09 02:24 --------- d-----w c:\program files\CCleaner
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-30 18:47 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-10 03:12:14 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-10 03:12:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 03:12:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 03:12:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= ffdshow.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv"=2 (0x2)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
.
10th January 2009
#12
Member
Join Date: Dec 2008
Posts: 14
Computer Experience: Intermediate
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js : browser.startup.homepage - www.google.com
FF - prefs.js : network.proxy.type - 4
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 21:23:23
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath"="\??\c:\pcdr5\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\guard32.dll
.
Completion time: 2009-01-09 21:23:56
ComboFix-quarantined-files.txt 2009-01-10 03:23:53
ComboFix2.txt 2009-01-07 12:25:27
ComboFix3.txt 2009-01-07 12:20:27
ComboFix4.txt 2009-01-07 01:36:49
ComboFix5.txt 2009-01-10 03:17:02
Pre-Run: 141,973,721,088 bytes free
Post-Run: 141,907,619,840 bytes free
646 --- E O F --- 2008-12-18 14:43:13
11th January 2009
#13
Staff
Join Date: Mar 2003
Location: Washington State
Posts: 4,496
Computer Experience: Somedays it's like Taz
Hi
Please delete the CFScript you have.
Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:
Filename: CFScript.txt
Save As Type: All Files (*.*)
Code:
RootKit::
C:\Windows\system32\drivers\TDSSpqlt.sys
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.
Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
**NOTE - Allow ComboFix to update if prompted.
Now click on "Start" > "Run", copy and paste this into the Run box and click OK. A file named HKLMSS.txt will appear on your desktop; please copy and paste the contents of that here.
Code:
regedit /e "%userprofile%\desktop\HKLMSS.txt" "HKEY_LOCAL_MACHINE\System\Select"
Please post the CF log and the contents of the HKLMSS.txt file
Thanks
Geri
11th January 2009
#14
Member
Join Date: Dec 2008
Posts: 14
Computer Experience: Intermediate
Here goes:
Combofix: When it re-booted I realized I forgot to set my firewall to not run on re-start. I closed it quickly but I don't know if it affected anything.
ComboFix 08-12-29.02 - HP_Administrator 2009-01-11 11:29:41.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.607 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\TDSSpqlt.sys
.
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.
2009-01-09 12:43 . 2009-01-09 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 01:50 --------- d-----w c:\program files\Google
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-09 02:24 --------- d-----w c:\program files\CCleaner
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-11 15:54:03 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-11 15:54:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-11 15:54:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
+ 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
- 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2009-01-11 15:54:25 29,696 ----a-w c:\windows\system32\TDSShrxx.dll
+ 2009-01-11 15:54:31 2,710 ----a-w c:\windows\system32\TDSSlxwp.dll
+ 2009-01-11 15:54:25 35,840 ----a-w c:\windows\system32\TDSSoiqt.dll
+ 2009-01-11 15:54:27 31,232 ----a-w c:\windows\system32\TDSSvkql.dll
+ 2009-01-11 15:54:29 61,440 ----a-w c:\windows\system32\TDSSxfum.dll
+ 2009-01-11 17:31:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= ffdshow.ax
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv"=2 (0x2)
"mnmsrvc"=3 (0x3)
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\explorer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js : browser.startup.homepage - www.google.com
FF - prefs.js : network.proxy.type - 4
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 11:32:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath"="\??\c:\pcdr5\PCD5SRVC.pkms"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad -Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\DISC\DiscStreamHub.exe
.
**************************************************************************
.
Completion time: 2009-01-11 11:37:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-11 17:37:16
ComboFix2.txt 2009-01-10 03:23:58
ComboFix3.txt 2009-01-07 12:25:27
ComboFix4.txt 2009-01-07 12:20:27
ComboFix5.txt 2009-01-11 17:28:53
Pre-Run: 141,966,721,024 bytes free
Post-Run: 141,902,913,536 bytes free
261 --- E O F --- 2008-12-18 14:43:13
HKLMSS:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\System\Select]
"Current"=dword:00000001
"Default"=dword:00000001
"Failed"=dword:00000000
"LastKnownGood"=dword:00000003
11th January 2009
#15
Staff
Join Date: Mar 2003
Location: Washington State
Posts: 4,496
Computer Experience: Somedays it's like Taz
Hi
Combofix should have prompted you to update. Why did you not let it do so? We need to have an updated version.
Please run it again not using the script and let it update.
Geri