Solved Another Browser Hijack/ AV won't update.

[Resolved] Another Browser Hijack/ AV won't update.

Avira detects 6 items but they continue to re-appear. I have my avira log as well if needed.

Thank you very much for your time!

I d/l'd RSIT onto a thumb drive, moved it to this comp and ran it and here are my logs:

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-01-03 07:53:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 135 GB (74%) free of 182 GB
Total RAM: 958 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:56 AM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Documents and Settings\HP_Administrator\Desktop\fixers\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61008
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61008
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe "
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe "
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE "
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198080380562
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.webmap.niu.edu/campus/ACGM/Acgm.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: __c0038F8C - C:\WINDOWS\system32\__c0038F8C.dat (file missing)
O20 - Winlogon Notify: __c007F898 - C:\WINDOWS\system32\__c007F898.dat (file missing)
O20 - Winlogon Notify: __c008005A - C:\WINDOWS\system32\__c008005A.dat (file missing)
O20 - Winlogon Notify: __c00B5FE4 - C:\WINDOWS\system32\__c00B5FE4.dat (file missing)
O20 - Winlogon Notify: __c00D95E8 - C:\WINDOWS\system32\__c00D95E8.dat (file missing)
O20 - Winlogon Notify: __c00DEFB1 - C:\WINDOWS\system32\__c00DEFB1.dat (file missing)
O20 - Winlogon Notify: __c00E9C81 - C:\WINDOWS\system32\__c00E9C81.dat (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--
End of file - 13860 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-08-05 1190912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-11-28 32867]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-25 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-13 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-11-20 878352]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [2007-11-28 327759]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-08-05 1190912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"HPHUPD08 "=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DMAScheduler "=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
" "= []
"PCDrProfiler "= []
"HPBootOp "=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"Reminder "=C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]
"regcmdcons "=c:\hp\bin\cloaker.exe [1999-11-07 27136]
"HP Software Update "=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-12-15 49152]
"CanonMyPrinter "=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]
"ISUSPM Startup "=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"DISCover "=C:\Program Files\DISC\DISCover.exe [2007-10-30 1095256]
"COMODO Firewall Pro "=C:\Program Files\COMODO\Firewall\cfp.exe [2008-06-05 1572608]
"TkBellExe "=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-17 180269]
"SunJavaUpdateSched "=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600]
"avgnt "=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"H/PC Connection Agent "=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]
"swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-07 68856]
"Aim6 "=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
Grxp4exe.exe /init []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE [2005-02-02 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-07 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-17 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2006-08-17 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
C:\PROGRA~1\ILIUMS~1\ListPro\LISTPR~1.EXE [2004-01-26 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service "=2
"usnjsvc "=3
"UPS "=3
"TapiSrv "=2
"mnmsrvc "=3
"gusvc "=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS "=" C:\WINDOWS\system32\guard32.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0038F8C]
C:\WINDOWS\system32\__c0038F8C.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007F898]
C:\WINDOWS\system32\__c007F898.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008005A]
C:\WINDOWS\system32\__c008005A.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00B5FE4]
C:\WINDOWS\system32\__c00B5FE4.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00D95E8]
C:\WINDOWS\system32\__c00D95E8.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00DEFB1]
C:\WINDOWS\system32\__c00DEFB1.dat []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00E9C81]
C:\WINDOWS\system32\__c00E9C81.dat []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1
"InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun "=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe "
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe "
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe "
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe "= "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe "
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe "= "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe "
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe "= "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP "
"C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader "
"C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
"C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe "= "C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh "
"C:\WINDOWS\system32\javaw.exe "= "C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary "
"C:\Program Files\AIM6\aim6.exe "= "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "
"C:\Program Files\mIRC\mirc.exe "= "C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC "
"C:\Program Files\DISC\DISCover.exe "= "C:\Program Files\DISC\DISCover.exe:*:EnabledISCover Drop & Play System "
"C:\Program Files\DISC\DiscStreamHub.exe "= "C:\Program Files\DISC\DiscStreamHub.exe:*:EnabledISCover Stream Hub "
"C:\Program Files\DISC\myFTP.exe "= "C:\Program Files\DISC\myFTP.exe:*:EnabledISCover FTP "
"%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe "= "C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager "
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe "= "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application "
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
"C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "
"C:\WINDOWS\explorer.exe "= "C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer "
"C:\WINDOWS\system32\drivers\svchost.exe "= "C:\WINDOWS\system32\drivers\svchost.exe:*isabled:svchost "
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe "= "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*isabled:Earthlink "
"C:\WINDOWS\system32\sessmgr.exe "= "C:\WINDOWS\system32\sessmgr.exe:*isabledxpsp2res.dll,-22019 "
"C:\Program Files\AVG\AVG8\avgupd.exe "= "C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe "= "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP "
"%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
"C:\Program Files\Windows Live\Messenger\livecall.exe "= "C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "

======List of files/folders created in the last 3 months======

2009-01-03 07:53:52 ----D---- C:\rsit
2008-12-20 14:10:09 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-20 11:29:28 ----D---- C:\Program Files\Avira
2008-12-20 11:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-20 11:20:29 ----D---- C:\Program Files\GiPo@Utilities
2008-12-20 11:20:29 ----D---- C:\Program Files\Common Files\Gibinsoft Shared
2008-12-20 11:19:57 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-20 11:06:18 ----D---- C:\Program Files\Trend Micro
2008-12-20 09:43:38 ----D---- C:\hosts
2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\java.exe
2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-12 06:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 06:23:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 06:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 06:23:00 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 06:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 06:14:42 ----SHD---- C:\Config.Msi
2008-12-10 18:50:09 ----D---- C:\Program Files\HijackThis
2008-12-08 21:28:05 ----D---- C:\Program Files\Crawler
2008-12-08 20:19:30 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-08 20:19:20 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-08 20:19:12 ----D---- C:\Program Files\AVG
2008-12-08 20:19:12 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-08 20:15:55 ----D---- C:\Program Files\CCleaner
2008-12-07 21:11:33 ----D---- C:\mekmakerdev24
2008-12-07 21:10:11 ----D---- C:\MekHangarPreview004
2008-12-07 21:04:59 ----D---- C:\megamekdevsvn20081116
2008-12-05 19:52:30 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-11-29 17:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-11-29 17:55:45 ----D---- C:\Program Files\Yahoo! Games
2008-11-12 08:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 08:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 08:49:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-25 08:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-15 15:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 15:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 15:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 15:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 15:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-06 21:11:58 ----D---- C:\Program Files\Instant CD & DVD Burner
2008-10-06 20:57:46 ----D---- C:\Program Files\QuickMediaConverter
2008-10-06 20:56:52 ----D---- C:\Install
2008-10-06 20:38:44 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Any Video Converter
2008-10-06 20:20:08 ----A---- C:\WINDOWS\Easy Video to DVD.INI
2008-10-06 19:55:50 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2008-10-06 19:55:50 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2008-10-06 19:55:50 ----A---- C:\WINDOWS\system32\inetfr.DLL
2008-10-06 19:55:49 ----A---- C:\WINDOWS\system32\mfc71d.dll
2008-10-06 19:55:49 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2008-10-06 19:55:48 ----D---- C:\Program Files\Videos To DVD
2008-10-06 19:55:48 ----A---- C:\WINDOWS\system32\msvcr71d.dll
2008-10-06 17:08:04 ----D---- C:\Program Files\Photo Story 3 for Windows

======List of files/folders modified in the last 3 months======

2009-01-03 07:49:12 ----AD---- C:\WINDOWS
2009-01-03 07:48:55 ----D---- C:\WINDOWS\Temp
2009-01-03 07:46:10 ----D---- C:\Program Files
2009-01-03 07:45:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-03 07:44:35 ----D---- C:\WINDOWS\system32\drivers
2009-01-03 07:39:12 ----D---- C:\Program Files\Mozilla Firefox
2009-01-02 09:08:24 ----D---- C:\WINDOWS\Prefetch
2008-12-22 16:25:39 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-22 15:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-22 15:56:39 ----D---- C:\Program Files\Google
2008-12-20 11:25:31 ----D---- C:\WINDOWS\system32
2008-12-20 11:20:30 ----SHD---- C:\WINDOWS\Installer
2008-12-20 11:20:29 ----D---- C:\Program Files\Common Files
2008-12-20 09:32:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-18 08:43:11 ----HD---- C:\WINDOWS\inf
2008-12-18 08:42:55 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 08:41:57 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 10:52:22 ----D---- C:\Program Files\Java
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 07:00:17 ----D---- C:\Program Files\Internet Explorer
2008-12-12 06:27:56 ----A---- C:\WINDOWS\win.ini
2008-12-12 06:24:48 ----D---- C:\WINDOWS\Debug
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 21:32:11 ----A---- C:\WINDOWS\system32\dwwin.exe
2008-12-08 20:24:02 ----D---- C:\Sharks Folder
2008-12-08 20:07:25 ----RASH---- C:\boot.ini
2008-12-08 20:07:25 ----A---- C:\WINDOWS\system.ini
2008-12-07 09:49:04 ----D---- C:\WINDOWS\system32\Lang
2008-12-05 19:52:55 ----D---- C:\Program Files\AIM6
2008-12-05 19:52:32 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-05 19:52:04 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-05 19:51:31 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-11-30 12:47:27 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-11-30 12:47:26 ----A---- C:\WINDOWS\system32\winlogon.exe
2008-11-12 09:35:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-12 08:48:22 ----D---- C:\WINDOWS\WinSxS
2008-11-06 14:31:40 ----D---- C:\WINDOWS\Help
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-19 14:29:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-16 17:47:30 ----D---- C:\Program Files\The Drawing Board
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll

2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-16 07:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 15:15:12 ----D---- C:\WINDOWS\ie7updates
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 01:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-10-06 20:30:45 ----D---- C:\temp
2008-10-06 17:08:41 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2008-10-06 17:08:07 ----D---- C:\Program Files\Common Files\Microsoft Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-08 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-08 26824]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kid_sys;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\drivers\KID_SYS.sys [2001-09-26 11920]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 imhidusb;Immersion's HID USB Driver; C:\WINDOWS\system32\drivers\imhidusb.sys [2002-02-14 30920]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 ntxpusb;Gravis USB device driver; C:\WINDOWS\system32\drivers\ntxpusb.sys [2002-02-26 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver; \??\C:\PCDR5\PCD5SRVC.pkms []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-25 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-06-05 507648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-13 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 138168]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------

 

info.txt logfile of random's system information tool 1.05 2009-01-03 07:53:59

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alien Outbreak 2--> "C:\Program Files\HP Games\Alien Outbreak 2\Uninstall.exe "
Ancient Sudoku--> "C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe "
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bejeweled 2 Deluxe--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe "
Big Kahuna Reef--> "C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe "
Black and White-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Blackhawk Striker 2--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe "
Blasterball 2 Remix--> "C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe "
Blasterball 2 Revolution--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe "
Bookworm Deluxe--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe "
Bounce Symphony--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe "
Canon MP Navigator 3.0--> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 User Registration-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon MP160--> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
Chuzzle Deluxe--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe "
Civil War Generals II-->C:\WINDOWS\IsUninst.exe -f "C:\Impressions Games\CWG2\Uninst.isu "
Civilization III-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Comcast Toolbar-->C:\Program Files\ComcastToolbar\uninstall.exe
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Desktop Doctor--> "C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor? "
Digital Voice Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B478ACE-8512-4A46-ACB2-69D83DF2F6C7}\setup.exe" -l0x9 -remove
Diner Dash--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe "
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Canon\Easy-WebPrint\Uninst.isu "
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Fairies--> "C:\Program Files\HP Games\Fairies\Uninstall.exe "
Family Feud--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe "
FATE--> "C:\Program Files\HP Games\FATE\Uninstall.exe "
Flip Words--> "C:\Program Files\HP Games\Flip Words\Uninstall.exe "
Galactic Civilizations Ultimate Edition-->C:\PROGRA~1\Stardock\TOTALG~1\GALCIV~1\UNWISE.EXE C:\PROGRA~1\Stardock\TOTALG~1\GALCIV~1\INSTALL.LOG
GemMaster Mystic--> "C:\Program Files\GemMaster\uninstallgemmaster.exe "
GiPo@FileUtilities 3.2-->MsiExec.exe /I{E2B64929-B616-4235-B10E-D26D686296F9}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll "
Gravis Xperience 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13599F5D-20A2-449A-BA81-A7D8B98A8DF1}\Setup.exe" -u
High Definition Audio Driver Package - KB888111--> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe "
HijackThis / CWShredder Installer 1.0--> "C:\Program Files\HijackThis\unins000.exe "
HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
Hotfix for Windows Media Player 10 (KB910393)--> "C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe "
Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console--> "C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe "
HP Games 3.43.97--> "C:\Program Files\DISC\uninstall.exe "
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B--> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A--> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll "
IGN Download Manager 2.3.2-->C:\Program Files\IGN\Download Manager\uninst.exe
Insaniquarium Deluxe--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe "
iPAQ WebReg-->MsiExec.exe /I{D37C6152-89DF-4D29-83CF-666200D5F398}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jewel Quest--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe "
LimeWire 4.16.6--> "C:\Program Files\LimeWire\uninstall.exe "
ListPro-->C:\PROGRA~1\ILIUMS~1\ListPro\UNWISE.EXE C:\PROGRA~1\ILIUMS~1\ListPro\INSTALL.LOG
LiveUpdate 3.0 (Symantec Corporation)--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LJ Comment Stats Wizard 1.7--> "C:\Program Files\LJ Comment Stats Wizard\unins000.exe "
Mah Jong Quest--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe "
Medieval - Total War - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A10F7877-4276-416C-9F22-CB56C0CB2700}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)--> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp "
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft ActiveSync 3.7--> "C:\WINDOWS\ISUNINST.EXE" -f "C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c "C:\Program Files\Microsoft ActiveSync\ceuninst.dll "
Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
Microsoft Money 2006--> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook 2002-->MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mIRC--> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
Mystery Case Files--> "C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe "
Netscape Browser (remove only)--> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe "
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
OpenOffice.org 2.1-->MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}
Otto--> "C:\Program Files\EnglishOtto\uninstallotto.exe "
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Pike & Musket TW - Music pack01-->C:\Program Files\The Creative Assembly\MTW archive\Medieval - Total War - Gold Edition\Uninstal.exe
Pike and Musket TW 1.5-->C:\Program Files\The Creative Assembly\MTW archive\Medieval - Total War - Gold Edition\Uninstal.exe
Poker Superstars--> "C:\Program Files\HP Games\Poker Superstars\Uninstall.exe "
Polar Bowler--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe "
Polar Golfer--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe "
Python 2.2 pywin32 extensions (build 203)--> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log "
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Ricochet Lost Worlds--> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe "
Rome - Total War - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
SCRABBLE--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe "
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)--> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe "
Security Update for Step By Step Interactive Training (KB923723)--> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB958215)--> "C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB960714)--> "C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe "
Security Update for Windows Media Player (KB952069)--> "C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe "
Security Update for Windows Media Player 10 (KB911565)--> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe "
Security Update for Windows Media Player 10 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe "
Security Update for Windows Media Player 10 (KB936782)--> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe "
Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
Security Update for Windows XP (KB954459)--> "C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe "
Security Update for Windows XP (KB954600)--> "C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe "
Security Update for Windows XP (KB955069)--> "C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956802)--> "C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
Security Update for Windows XP (KB957097)--> "C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe "
Security Update for Windows XP (KB958644)--> "C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe "
Slingo Deluxe--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe "
Snowy The Bears Adventure--> "C:\Program Files\HP Games\Snowy The Bears Adventure\Uninstall.exe "
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Super Granny--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe "
TeamSpeak 2 RC2--> "C:\Program Files\Teamspeak2_RC2\unins000.exe "
Tennis Titans--> "C:\Program Files\HP Games\Tennis Titans\Uninstall.exe "
The Drawing Board v2 Beta-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\The Drawing Board\ST6UNST.000"
The Drawing Board-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\The Drawing Board\ST6UNST.LOG"
The New Shadow Patch 2.1-->C:\Program Files\MyProduct\Uninstal.exe
The New Shadow Patch 2.2-->C:\Program Files\MyProduct\Uninstal.exe
Tornado Jockey--> "C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe "
Tradewinds--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe "
Update for Windows Media Player 10 (KB913800)--> "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe "
Update for Windows Media Player 10 (KB926251)--> "C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe "
Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
Update for Windows XP (KB955839)--> "C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe "
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html "
Wal-Mart Digital Photo Manager-->MsiExec.exe /X{41FE2866-7D7D-4EDF-9C7A-F1F6A346BA83}
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format Runtime--> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB908246--> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe "
Windows XP Media Center Edition 2005 KB912067--> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe "
Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
wolfman-MC2X-->C:\Wolfman-MC2X\Uninstall wolfman-MC2X.exe
WorldMate for PocketPC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86BF2E8C-959A-4D19-A248-A8A01AB4090D}\Setup.exe" -l0x9
X2 - The Threat-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6199025-CBF8-4ACB-BEE9-D14EC1CCD731}\setup.exe" -l0x9 -uninst
X² All In One Bonus Package 1.04--> "C:\Program Files\Enlight\X2 - The Threat\unins000.exe "
X2 Sector Planner-->MsiExec.exe /I{CCCD0C60-DABA-4DAC-AC71-DF92BDB322E1}
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma (remove only)--> "C:\Program Files\Yahoo! Games\Zuma\Uninstall.exe "

Hosts File Missing
======Security center information======

AV: AVG Anti-Virus (disabled) (outdated)
AV: Avira AntiVir PersonalEdition
FW: Norton Internet Worm Protection (disabled)
FW: COMODO Firewall Pro

System event log

Computer Name: TAMINAROSE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 54610
Source Name: Service Control Manager
Time Written: 20081208213326.000000-360
Event Type: error
User:

Computer Name: TAMINAROSE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 54609
Source Name: Service Control Manager
Time Written: 20081208213325.000000-360
Event Type: error
User:

Computer Name: TAMINAROSE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 54608
Source Name: Service Control Manager
Time Written: 20081208213325.000000-360
Event Type: error
User:

Computer Name: TAMINAROSE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 54607
Source Name: Service Control Manager
Time Written: 20081208213325.000000-360
Event Type: error
User:

Computer Name: TAMINAROSE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 54606
Source Name: Service Control Manager
Time Written: 20081208213324.000000-360
Event Type: error
User:

Application event log

Computer Name: TAMINAROSE
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 12188
Source Name: SecurityCenter
Time Written: 20080906101633.000000-300
Event Type: information
User:

Computer Name: TAMINAROSE
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 12187
Source Name: LightScribeService
Time Written: 20080906101632.000000-300
Event Type: information
User:

Computer Name: TAMINAROSE
Event Code: 101
Message: Information Level: success

Rolling back the schedule; execution will occur at approximately 10:21 AM.

Record Number: 12186
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080906101628.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: TAMINAROSE
Event Code: 101
Message: Information Level: success

Service started.

Record Number: 12185
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20080906101628.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: TAMINAROSE
Event Code: 105
Message: The service was started.

Record Number: 12184
Source Name: ARSVC
Time Written: 20080906101628.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec "=%SystemRoot%\system32\cmd.exe
"Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
"windir "=%SystemRoot%
"FP_NO_HOST_CHECK "=NO
"OS "=Windows_NT
"PROCESSOR_ARCHITECTURE "=x86
"PROCESSOR_LEVEL "=15
"PROCESSOR_IDENTIFIER "=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION "=2f02
"NUMBER_OF_PROCESSORS "=1
"PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP "=%SystemRoot%\TEMP
"TMP "=%SystemRoot%\TEMP
"SonicCentral "=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

 

Hi Sharkapult
Welcome to WindowsBBS.

You are kind of loaded down with tool bars, I would remove any that you don't use.

Now please do this.

Download ComboFix from Here to your Desktop.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.

• Close all open programs and windows
• Double click combofix.exe and follow the prompts.
• Vista users right click Combofix.exe and select Run As Administrator.
• When finished, it shall produce a log for you. Post the Combofix log

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

**NOTE - Allow ComboFix to update if prompted.


Thanks
Geri

 

This computer won't connect to that download link, like most other links having to do with antivirus software. I have access to another computer Monday and will be able to post the results from that scan Monday Night.

I'll try to convince my fiance to let me remove some of the toolbars.

Thank you again for your time and effort!

 

Thank you again for your time, expertise, and patience!

Combofix says I still have AVG on my computer when I uninstalled it a while ago and it is no longer in my uninstall list. I realize all the problems w/ multiple AV programs running at the same time.

Here is the ComboFix Log:

ComboFix 08-12-29.02 - HP_Administrator 2009-01-05 18:05:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.471 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\install\install.exe
C:\xcrashdump.dat
D:\Autorun.inf

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 06:23 . 2008-12-12 06:32 1,393 --a------ c:\windows\imsins.BAK
2008-12-08 21:28 . 2008-12-08 21:28 <DIR> d-------- c:\program files\Crawler
2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\program files\AVG
2008-12-08 20:19 . 2008-12-08 20:27 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-08 20:19 . 2008-12-20 09:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-08 20:19 . 2008-12-08 20:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-08 20:19 . 2008-12-08 20:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-08 20:15 . 2008-12-08 20:24 <DIR> d-------- c:\program files\CCleaner
2008-12-07 21:11 . 2008-12-07 21:11 <DIR> d-------- C:\mekmakerdev24
2008-12-07 21:10 . 2008-12-07 21:10 <DIR> d-------- C:\MekHangarPreview004
2008-12-07 21:04 . 2008-12-07 21:08 <DIR> d-------- C:\megamekdevsvn20081116

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-22 21:56 --------- d-----w c:\program files\Google
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-29 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
"Aim6 "= "c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler "= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder "= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons "= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover "= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"COMODO Firewall Pro "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM "= mobilev.acm
"vidc.ffds "= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-07 11:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service "=2 (0x2)
"usnjsvc "=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv "=2 (0x2)
"mnmsrvc "=3 (0x3)
"gusvc "=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe "=
"c:\\WINDOWS\\system32\\javaw.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"c:\\Program Files\\mIRC\\mirc.exe "=
"c:\\Program Files\\DISC\\DISCover.exe "=
"c:\\Program Files\\DISC\\DiscStreamHub.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"c:\\WINDOWS\\explorer.exe "=
"c:\\WINDOWS\\system32\\sessmgr.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-08 97928]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
S4 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)
Notify-__c0038F8C - c:\windows\system32\__c0038F8C.dat
Notify-__c007F898 - c:\windows\system32\__c007F898.dat
Notify-__c008005A - c:\windows\system32\__c008005A.dat
Notify-__c00B5FE4 - c:\windows\system32\__c00B5FE4.dat
Notify-__c00D95E8 - c:\windows\system32\__c00D95E8.dat
Notify-__c00DEFB1 - c:\windows\system32\__c00DEFB1.dat
Notify-__c00E9C81 - c:\windows\system32\__c00E9C81.dat


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 18:14:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath "= "\systemroot\system32\drivers\TDSSpqlt.sys "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath "= "\??\c:\pcdr5\PCD5SRVC.pkms "
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exeQ
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\DISC\DiscStreamHub.exe
.
**************************************************************************
.
Completion time: 2009-01-05 18:18:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-06 00:17:59

Pre-Run: 141,729,157,120 bytes free
Post-Run: 142,025,981,952 bytes free

273 --- E O F --- 2008-12-18 14:43:13

 

Hi
OK you need to run Combofix again.

Please do so following these directions.

Press Ctrl+Alt+Del twice at the welcome screen, then type Administrator for the username, enter the password (just press Enter if no password), then run ComboFix from that account.
Note - You will have to logon to the Administrator account again after reboot so that CF can complete.

Please post the log you get.

Thanks
Geri

 

Hi again,

This computer (running Windows XP) has only one account and it has administrator privileges. I press ctrl+alt+del twice at the windows welcome screen and it only shows the one account available.

There is no-where for me to type administrator.

When I run combofix again it does not ask me to re-boot.

My google links appear to be working fine in IE and Firefox. I can also go to common AV websites. Here is the new Combofix log in case you need it.

Should I run a Kapersky scan next?

What else should I do?

Thank you again for your patience and expertise


ComboFix 08-12-29.02 - HP_Administrator 2009-01-06 19:34:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.550 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 06:23 . 2008-12-12 06:32 1,393 --a------ c:\windows\imsins.BAK
2008-12-08 21:28 . 2008-12-08 21:28 <DIR> d-------- c:\program files\Crawler
2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\program files\AVG
2008-12-08 20:19 . 2008-12-08 20:27 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2008-12-08 20:19 . 2008-12-20 09:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-08 20:19 . 2008-12-08 20:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-08 20:19 . 2008-12-08 20:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-08 20:15 . 2008-12-08 20:24 <DIR> d-------- c:\program files\CCleaner
2008-12-07 21:11 . 2008-12-07 21:11 <DIR> d-------- C:\mekmakerdev24
2008-12-07 21:10 . 2008-12-07 21:10 <DIR> d-------- C:\MekHangarPreview004
2008-12-07 21:04 . 2008-12-07 21:08 <DIR> d-------- C:\megamekdevsvn20081116

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-22 21:56 --------- d-----w c:\program files\Google
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-29 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-07 01:31:38 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
+ 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
- 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2009-01-07 01:31:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_73c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
"mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler "= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder "= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons "= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover "= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM "= mobilev.acm
"vidc.ffds "= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-05-07 11:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service "=2 (0x2)
"usnjsvc "=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv "=2 (0x2)
"mnmsrvc "=3 (0x3)
"gusvc "=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe "=
"c:\\WINDOWS\\system32\\javaw.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"c:\\Program Files\\mIRC\\mirc.exe "=
"c:\\Program Files\\DISC\\DISCover.exe "=
"c:\\Program Files\\DISC\\DiscStreamHub.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"c:\\WINDOWS\\explorer.exe "=
"c:\\WINDOWS\\system32\\sessmgr.exe "=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-08 97928]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
S4 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 19:35:36
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath "= "\systemroot\system32\drivers\TDSSpqlt.sys "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath "= "\??\c:\pcdr5\PCD5SRVC.pkms "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\guard32.dll
.
Completion time: 2009-01-06 19:36:48
ComboFix-quarantined-files.txt 2009-01-07 01:36:46
ComboFix2.txt 2009-01-06 00:23:33
ComboFix3.txt 2009-01-06 00:18:09

Pre-Run: 141,941,665,792 bytes free
Post-Run: 141,882,601,472 bytes free

263 --- E O F --- 2008-12-18 14:43:13

 

Hi

• Please go to Jotti's malware scan
  
• Copy and paste the following file path into the "File to upload & scan "box on the top of the page: one at a time
  
  • c:\documents and settings\HP_Administrator\nah_vnxr.exe
• Click on the submit button
  
• Please post the results in your next reply.

Do you know what these are?
C:\mekmakerdev24
C:\MekHangarPreview004
C:\megamekdevsvn20081116


Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

Code:

File::
c:\windows\imsins.BAK
c:\windows\system32\drivers\Avg
c:\windows\system32\drivers\avgldx86.sys
c:\windows\system32\avgrsstx.dll

Folder::
c:\program files\AVG
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\All Users\Application Data\Trymedia

Driver::
AvgLdx86
avg8wd 

Please post the results from Jotti, let me know about those folders and post the new Combofix log.

Thanks

 

Hello,

These three programs:
C:\mekmakerdev24
C:\MekHangarPreview004
C:\megamekdevsvn20081116

are all related to an online java-based BattleTech game I sometimes play. The first two are useless (downloaded from sourceforge.net) and I just have not deleted them yet and I have no attachment to them. The third is a version of the game.

First the Jotti Log:

Service load:
0% 100%
File: nah_vnxr.exe
Status:
INFECTED/MALWARE
MD5: 1764fb0a53e21a75d60d73a855eea1db
Packers detected:
-
Scanner results
Scan taken on 07 Jan 2009 12:10:11 (GMT)
A-Squared
Found Trojan.Generic!IK
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found Trojan.Generic.1245657
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found Trojan.Generic.1245657
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found Trj/Agent.LEM
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found Malware-Cryptor.Win32.General.4 (probable variant)

Combofix Log:

ComboFix 08-12-29.02 - HP_Administrator 2009-01-07 6:24:33.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.567 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
c:\windows\imsins.BAK
c:\windows\system32\avgrsstx.dll
c:\windows\system32\drivers\Avg
c:\windows\system32\drivers\avgldx86.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\All Users\Application Data\avg8\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg8\dumps\avgwdsvc.exe_128732628823437500.dmp
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avguilog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avildr.log
c:\documents and settings\All Users\Application Data\avg8\Log\cfglog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\corelog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
c:\documents and settings\All Users\Application Data\avg8\Log\lnglog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\privlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\publog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\rslog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\scanlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\schedlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\srmlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\updlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\vaultlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\wdlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\wdsvclog.cfg
c:\documents and settings\All Users\Application Data\avg8\Lsdb\cf.dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\ph.dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\sb.dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\sb.dat.xcd
c:\documents and settings\All Users\Application Data\avg8\Lsdb\sb2.dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\sc.dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\sc.dat.xcd
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000005.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000006.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\Trymedia
c:\documents and settings\All Users\Application Data\Trymedia\data\{A1C86C9F-DF01-A326-595A-1EE76EA95EF5}
c:\documents and settings\All Users\Application Data\Trymedia\data\{AA7362A4-9510-8D7F-39A8-621528A6AC05}
c:\documents and settings\All Users\Application Data\Trymedia\data\{BEB31D66-6091-E439-DCF9-CEF50F2AC771}
c:\documents and settings\All Users\Application Data\Trymedia\data\{D82B3C88-31B2-AE5F-9471-4576A2BBC7CF}
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avglinks.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avglogo.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avgstatus.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avgstatus_error.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avgtoolbartb0502.cfg
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\brandlogo.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\COMBOSEARCH.acs
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\p_yahoo.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesearch.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesearch_off.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesearch_on.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesurf.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesurf_off.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesurf_on.bmp
c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\slider.bmp
c:\program files\AVG
c:\program files\AVG\AVG8\aAvgApi.exe
c:\program files\AVG\AVG8\avg.snu
c:\program files\AVG\AVG8\avg404.txt
c:\program files\AVG\AVG8\avg7api.dll
c:\program files\AVG\AVG8\avg8us.lng
c:\program files\AVG\AVG8\avgabout.dll
c:\program files\AVG\AVG8\avgapix.dll
c:\program files\AVG\AVG8\avgbat.bav
c:\program files\AVG\AVG8\avgcfgex.exe
c:\program files\AVG\AVG8\avgcfgx.dll
c:\program files\AVG\AVG8\avgcmgr.exe
c:\program files\AVG\AVG8\avgcorex.dll
c:\program files\AVG\AVG8\avgcrlpx.dll
c:\program files\AVG\AVG8\avgdumpx.exe
c:\program files\AVG\AVG8\avgf8us.chm
c:\program files\AVG\AVG8\avgfrw.exe
c:\program files\AVG\AVG8\avginet.dll
c:\program files\AVG\AVG8\avgiproxy.exe
c:\program files\AVG\AVG8\avglngx.dll
c:\program files\AVG\AVG8\avglogx.dll
c:\program files\AVG\AVG8\avgmail.dll
c:\program files\AVG\AVG8\avgmvflx.dll
c:\program files\AVG\AVG8\avgmwdef_us.mht
c:\program files\AVG\AVG8\avgoff2k.dll
c:\program files\AVG\AVG8\avgpp.dll
c:\program files\AVG\AVG8\avgresf.dll
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgscanx.dll
c:\program files\AVG\AVG8\avgscanx.exe
c:\program files\AVG\AVG8\avgsched.dll
c:\program files\AVG\AVG8\avgse.dll
c:\program files\AVG\AVG8\avgsrmax.exe
c:\program files\AVG\AVG8\avgsrmx.dll
c:\program files\AVG\AVG8\avgssie.dll
c:\program files\AVG\AVG8\avgtbapi.dll
c:\program files\AVG\AVG8\avgtoolbar.dll
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\AVG\AVG8\avgui.exe
c:\program files\AVG\AVG8\avguiadv.dll
c:\program files\AVG\AVG8\avguires.dll
c:\program files\AVG\AVG8\avgupd.dll
c:\program files\AVG\AVG8\avgupd.exe
c:\program files\AVG\AVG8\avgvvx.dll
c:\program files\AVG\AVG8\avgwd.dll
c:\program files\AVG\AVG8\avgwdsvc.exe
c:\program files\AVG\AVG8\avgwdwsc.dll
c:\program files\AVG\AVG8\avgxch32.dll
c:\program files\AVG\AVG8\avgxpl.dll
c:\program files\AVG\AVG8\cfg\mail.cfg
c:\program files\AVG\AVG8\contacts_us.html
c:\program files\AVG\AVG8\dbghelp.dll
c:\program files\AVG\AVG8\dfncfg.dat
c:\program files\AVG\AVG8\fixcfg.exe
c:\program files\AVG\AVG8\Icons\background_middle_gray.gif
c:\program files\AVG\AVG8\Icons\background_middle_green.gif
c:\program files\AVG\AVG8\Icons\background_middle_orange.gif
c:\program files\AVG\AVG8\Icons\background_middle_red.gif
c:\program files\AVG\AVG8\Icons\background_middle_yellow.gif
c:\program files\AVG\AVG8\Icons\background_top_gray.gif
c:\program files\AVG\AVG8\Icons\background_top_green.gif
c:\program files\AVG\AVG8\Icons\background_top_orange.gif
c:\program files\AVG\AVG8\Icons\background_top_red.gif
c:\program files\AVG\AVG8\Icons\background_top_yellow.gif
c:\program files\AVG\AVG8\Icons\block-doc.gif
c:\program files\AVG\AVG8\Icons\blocked.gif
c:\program files\AVG\AVG8\Icons\border_bottom_gray.gif
c:\program files\AVG\AVG8\Icons\border_bottom_green.gif
c:\program files\AVG\AVG8\Icons\border_bottom_orange.gif
c:\program files\AVG\AVG8\Icons\border_bottom_red.gif
c:\program files\AVG\AVG8\Icons\border_bottom_yellow.gif
c:\program files\AVG\AVG8\Icons\border_top_gray.gif
c:\program files\AVG\AVG8\Icons\border_top_green.gif
c:\program files\AVG\AVG8\Icons\border_top_orange.gif
c:\program files\AVG\AVG8\Icons\border_top_red.gif
c:\program files\AVG\AVG8\Icons\border_top_yellow.gif
c:\program files\AVG\AVG8\Icons\box_bottom_red.gif
c:\program files\AVG\AVG8\Icons\box_top_red.gif
c:\program files\AVG\AVG8\Icons\caution.gif
c:\program files\AVG\AVG8\Icons\click_here_gray.gif
c:\program files\AVG\AVG8\Icons\click_here_green.gif
c:\program files\AVG\AVG8\Icons\click_here_orange.gif
c:\program files\AVG\AVG8\Icons\click_here_red.gif
c:\program files\AVG\AVG8\Icons\click_here_yellow.gif
c:\program files\AVG\AVG8\Icons\clock.gif
c:\program files\AVG\AVG8\Icons\close.gif
c:\program files\AVG\AVG8\Icons\icons_blocked.gif
c:\program files\AVG\AVG8\Icons\icons_caution.gif
c:\program files\AVG\AVG8\Icons\icons_close.gif
c:\program files\AVG\AVG8\Icons\icons_safe.gif
c:\program files\AVG\AVG8\Icons\icons_unknown.gif
c:\program files\AVG\AVG8\Icons\icons_warning.gif
c:\program files\AVG\AVG8\Icons\LS_Logo_Results.gif
c:\program files\AVG\AVG8\Icons\safe.gif
c:\program files\AVG\AVG8\Icons\unknown.gif
c:\program files\AVG\AVG8\Icons\warning.gif
c:\program files\AVG\AVG8\license_us.txt
c:\program files\AVG\AVG8\log\history.xml
c:\program files\AVG\AVG8\setup.cfg
c:\program files\AVG\AVG8\setup.dat
c:\program files\AVG\AVG8\setup.exe
c:\program files\AVG\AVG8\setupus.lns
c:\program files\AVG\AVG8\ToolbarIEcache\avglinks.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avglogo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgstatus.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgstatus_error.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgtoolbartb0502.cfg
c:\program files\AVG\AVG8\ToolbarIEcache\brandlogo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\p_yahoo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch_off.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch_on.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf_off.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf_on.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\slider.bmp
c:\program files\AVG\AVG8\updatecomps.cfg
c:\windows\imsins.BAK
c:\windows\system32\avgrsstx.dll
c:\windows\system32\drivers\avgldx86.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-08 20:15 . 2008-12-08 20:24 <DIR> d-------- c:\program files\CCleaner
2008-12-07 21:11 . 2008-12-07 21:11 <DIR> d-------- C:\mekmakerdev24
2008-12-07 21:10 . 2008-12-07 21:10 <DIR> d-------- C:\MekHangarPreview004
2008-12-07 21:04 . 2008-12-07 21:08 <DIR> d-------- C:\megamekdevsvn20081116

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 01:50 --------- d-----w c:\program files\Google
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dwwin.exe
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dllcache\dwwin.exe
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-30 18:47 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-07 01:31:38 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-07 01:31:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_73c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler "= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder "= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons "= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover "= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM "= mobilev.acm
"vidc.ffds "= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service "=2 (0x2)
"usnjsvc "=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv "=2 (0x2)
"mnmsrvc "=3 (0x3)
"gusvc "=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe "=
"c:\\WINDOWS\\system32\\javaw.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"c:\\Program Files\\mIRC\\mirc.exe "=
"c:\\Program Files\\DISC\\DISCover.exe "=
"c:\\Program Files\\DISC\\DiscStreamHub.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"c:\\WINDOWS\\explorer.exe "=
"c:\\WINDOWS\\system32\\sessmgr.exe "=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]

*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 06:24:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath "= "\systemroot\system32\drivers\TDSSpqlt.sys "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath "= "\??\c:\pcdr5\PCD5SRVC.pkms "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\guard32.dll
.
Completion time: 2009-01-07 6:25:26
ComboFix-quarantined-files.txt 2009-01-07 12:25:24
ComboFix2.txt 2009-01-07 12:20:27
ComboFix3.txt 2009-01-07 01:36:49
ComboFix4.txt 2009-01-06 00:23:33
ComboFix5.txt 2009-01-07 12:24:16

Pre-Run: 141,977,038,848 bytes free
Post-Run: 141,912,485,888 bytes free

477 --- E O F --- 2008-12-18 14:43:13

 

Hi
OK please delete the CFScript you have.

Now do this.

Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

Code:

http://www.windowsbbs.com/malware-virus-removal/80128-active-another-browser-hijack-av-wont-update.html
Suspect::[22]
c:\documents and settings\HP_Administrator\nah_log.dat
c:\documents and settings\HP_Administrator\nah_vnxr.exe

Folder::
C:\mekmakerdev24
C:\MekHangarPreview004
c:\windows\system32\drivers\Avg 

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed.**With the above script, ComboFix will capture files to submit for analysis.

• Ensure you are connected to the internet and click OK on the message box.
• A browser will open.
• Simply follow the instructions to copy/paste/send the requested file.

Please post the combofix log.

Thanks!
Geri

 

Sorry it took me a while, but here goes.
Thanks again!

ComboFix 08-12-29.02 - HP_Administrator 2009-01-09 21:17:58.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.608 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\MekHangarPreview004
c:\mekhangarpreview004\MekHangar-Preview-004\build.xml
c:\mekhangarpreview004\MekHangar-Preview-004\data\conversion\mtf.txt
c:\mekhangarpreview004\MekHangar-Preview-004\data\images\Add24.png
c:\mekhangarpreview004\MekHangar-Preview-004\data\images\Play24.gif
c:\mekhangarpreview004\MekHangar-Preview-004\data\images\Remove24.png
c:\mekhangarpreview004\MekHangar-Preview-004\data\rules\equipment.xml
c:\mekhangarpreview004\MekHangar-Preview-004\data\rules\mech_tables.xml
c:\mekhangarpreview004\MekHangar-Preview-004\lib\MegaMek.jar
c:\mekhangarpreview004\MekHangar-Preview-004\lib\TinyXML.jar
c:\mekhangarpreview004\MekHangar-Preview-004\license.txt
c:\mekhangarpreview004\MekHangar-Preview-004\MekHangar-MM.jar
c:\mekhangarpreview004\MekHangar-Preview-004\MekHangar.jar
c:\mekhangarpreview004\MekHangar-Preview-004\readme.txt
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\Equipment.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\exception\InsufficientCriticalException.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\CustomComboBox.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentChoicePanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentEditorPanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentInfoPanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentItemPanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\IntegerButton.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\IntegerLabel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\MechDesigner.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\MechDesignerFrame.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\AbstractIntegerModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\ArmorTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\ChassisTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\CockpitTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\EngineTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\EquipmentChoiceModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\GyroTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\HeatSinkTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\IntegerModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\InternalTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\LocationArmorModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\MyomerTypeModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\SlotAreaModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\TechBaseModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\TechLevelModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\TonnageModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\MovementLabel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\SelectionListener.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\SlotAreaPanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\TonnageUsageLabel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\MechDesign.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\MechDesignListener.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\SlotArea.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\AbstractStringModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\AmmoModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\EntityFileEditor.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\gui\EntityFileEditorFrame.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\gui\LocationStatusPanel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\gui\MechEditorDialog.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\LocationModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\MechEditor.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\PilotModel.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\rules\EquipmentData.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\rules\EquipmentList.java
c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\rules\MechTables.java
C:\mekmakerdev24
c:\mekmakerdev24\mekmaker-dev-24\lib\swing-layout-1.0.jar
c:\mekmakerdev24\mekmaker-dev-24\MekMaker.jar
c:\mekmakerdev24\mekmaker-dev-24\README.TXT
c:\mekmakerdev24\mekmaker-dev-24\source\build.xml
c:\mekmakerdev24\mekmaker-dev-24\source\license.txt
c:\mekmakerdev24\mekmaker-dev-24\source\manifest.mf
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\dir-prop-base
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\dir-props
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\build-impl.xml.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\genfiles.properties.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\project.properties.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\project.xml.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\build-impl.xml.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\genfiles.properties.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\project.properties.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\project.xml.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\build-impl.xml
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\genfiles.properties
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\private\private.properties
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\private\private.xml
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\project.properties
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\project.properties~
c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\project.xml
c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractComponent.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractDesigner.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractDesignerJPanel.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractDesignerTreeNode.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractIntegerValueLookup.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\CockpitTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\DesignerMainTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\EngineTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\EventHandler.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\GenericSetGetInterface.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\GyroTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\InternalStructureTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\MainWindowManager.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\MotiveTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\TableRowSelectionListener.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\TechnologyBases.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractComponent.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractDesigner.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractDesignerJPanel.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractDesignerTreeNode.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractIntegerValueLookup.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\CockpitTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\DesignerMainTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\EngineTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\EventHandler.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\GenericSetGetInterface.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\GyroTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\InternalStructureTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\MainWindowManager.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\MotiveTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\TableRowSelectionListener.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\TechnologyBases.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractComponent.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractDesigner.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractDesignerJPanel.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractDesignerTreeNode.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractEntity.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractIntegerValueLookup.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\ArmorPoint.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\ArmorTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\BTCalc.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\CockpitTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\CriticalSlot.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\DesignerMainTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\EngineTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\EventHandler.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\GenericSetGetInterface.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\GyroTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\HeatSinkTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\InternalStructureTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\MainWindowManager.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\MotiveTypes.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\Section.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\TableRowSelectionListener.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\TechnologyBases.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractComponent.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractDesigner.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractDesignerJPanel.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractDesignerTreeNode.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractEntity.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractIntegerValueLookup.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\ArmorPoint.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\ArmorTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\BTCalc.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\CockpitTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\CriticalSlot.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\DesignerMainTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\EngineTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\EventHandler.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\GenericSetGetInterface.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\GyroTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\HeatSinkTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\InternalStructureTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\MainWindowManager.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\MotiveTypes.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\Section.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\TableRowSelectionListener.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\TechnologyBases.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractComponent.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractDesigner.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractDesignerJPanel.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractDesignerTreeNode.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractEntity.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractIntegerValueLookup.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\ArmorPoint.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\ArmorTypes.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\BTCalc.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\CockpitTypes.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\CriticalSlot.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\DesignerMainTypes.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\EngineTypes.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\EventHandler.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\GenericSetGetInterface.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\GyroTypes.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\HeatSinkTypes.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\InternalStructureTypes.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\MainWindowManager.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\MotiveTypes.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\Section.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\TableRowSelectionListener.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\TechnologyBases.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\prop-base\EngineTableModel.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\props\EngineTableModel.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\text-base\EngineTableModel.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\wcprops\EngineTableModel.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\EngineTableModel.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\prop-base\InternalStructureTableModel.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\props\InternalStructureTableModel.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\text-base\InternalStructureTableModel.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\wcprops\InternalStructureTableModel.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\InternalStructureTableModel.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\prop-base\TotalWarfareBattleMechDesigner.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\prop-base\TotalWarfareIndustrialMechDesigner.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\prop-base\TotalWarfareInfantryPlatoonDesigner.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\props\TotalWarfareBattleMechDesigner.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\props\TotalWarfareIndustrialMechDesigner.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\props\TotalWarfareInfantryPlatoonDesigner.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\text-base\TotalWarfareBattleMechDesigner.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\text-base\TotalWarfareIndustrialMechDesigner.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\text-base\TotalWarfareInfantryPlatoonDesigner.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\wcprops\TotalWarfareBattleMechDesigner.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\wcprops\TotalWarfareIndustrialMechDesigner.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\wcprops\TotalWarfareInfantryPlatoonDesigner.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\InfantryPlatoonOverview.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\InfantryPlatoonOverview.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechArmor.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechArmor.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechChassis.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechChassis.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechEngine.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechEngine.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechOverview.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechOverview.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareIndustrialMechOverview.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareIndustrialMechOverview.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\InfantryPlatoonOverview.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\InfantryPlatoonOverview.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechArmor.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechArmor.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechChassis.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechChassis.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechEngine.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechEngine.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechOverview.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechOverview.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareIndustrialMechOverview.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareIndustrialMechOverview.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\InfantryPlatoonOverview.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\InfantryPlatoonOverview.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechArmor.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechArmor.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechChassis.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechChassis.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechEngine.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechEngine.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechHeatSinks.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechHeatSinks.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechOverview.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechOverview.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareIndustrialMechOverview.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareIndustrialMechOverview.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\InfantryPlatoonOverview.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\InfantryPlatoonOverview.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechArmor.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechArmor.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechChassis.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechChassis.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechEngine.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechEngine.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechHeatSinks.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechHeatSinks.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechOverview.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechOverview.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareIndustrialMechOverview.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareIndustrialMechOverview.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\InfantryPlatoonOverview.form
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\InfantryPlatoonOverview.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechArmor.form
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechArmor.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechChassis.form
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechChassis.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechEngine.form
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechEngine.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechHeatSinks.form
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechHeatSinks.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechOverview.form
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechOverview.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareIndustrialMechOverview.form
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareIndustrialMechOverview.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\TotalWarfareBattleMechDesigner.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\TotalWarfareIndustrialMechDesigner.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\TotalWarfareInfantryPlatoonDesigner.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\prop-base\TotalWarfareBattleMechArmorTreeNode.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\prop-base\TotalWarfareBattleMechChassisTreeNode.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\prop-base\TotalWarfareBattleMechEngineTreeNode.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\props\TotalWarfareBattleMechArmorTreeNode.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\props\TotalWarfareBattleMechChassisTreeNode.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\props\TotalWarfareBattleMechEngineTreeNode.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\text-base\TotalWarfareBattleMechArmorTreeNode.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\text-base\TotalWarfareBattleMechChassisTreeNode.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\text-base\TotalWarfareBattleMechEngineTreeNode.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\text-base\TotalWarfareBattleMechHeatSinksTreeNode.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\wcprops\TotalWarfareBattleMechArmorTreeNode.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\wcprops\TotalWarfareBattleMechChassisTreeNode.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\wcprops\TotalWarfareBattleMechEngineTreeNode.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\wcprops\TotalWarfareBattleMechHeatSinksTreeNode.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\TotalWarfareBattleMechArmorTreeNode.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\TotalWarfareBattleMechChassisTreeNode.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\TotalWarfareBattleMechEngineTreeNode.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\TotalWarfareBattleMechHeatSinksTreeNode.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\dir-wcprops
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\empty-file
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\entries
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\format
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\prop-base\MainJFrame.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\prop-base\MainJFrame.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\prop-base\NewDesignDialog.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\prop-base\NewDesignDialog.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\props\MainJFrame.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\props\MainJFrame.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\props\NewDesignDialog.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\props\NewDesignDialog.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\README.txt
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\text-base\MainJFrame.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\text-base\MainJFrame.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\text-base\NewDesignDialog.form.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\text-base\NewDesignDialog.java.svn-base
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\wcprops\MainJFrame.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\wcprops\MainJFrame.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\wcprops\NewDesignDialog.form.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\wcprops\NewDesignDialog.java.svn-work
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\MainJFrame.form
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\MainJFrame.java
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\NewDesignDialog.form
c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\NewDesignDialog.java
c:\windows\system32\drivers\Avg
c:\windows\system32\drivers\Avg\avi7.avg
c:\windows\system32\drivers\Avg\incavi.avm
c:\windows\system32\drivers\Avg\microavi.avg
c:\windows\system32\drivers\Avg\miniavi.avg

.
((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-09 12:43 . 2009-01-09 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 01:50 --------- d-----w c:\program files\Google
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dwwin.exe
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dllcache\dwwin.exe
2008-12-09 02:24 --------- d-----w c:\program files\CCleaner
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-30 18:47 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-10 03:12:14 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-10 03:12:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 03:12:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-10 03:12:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler "= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder "= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons "= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover "= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM "= mobilev.acm
"vidc.ffds "= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service "=2 (0x2)
"usnjsvc "=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv "=2 (0x2)
"mnmsrvc "=3 (0x3)
"gusvc "=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe "=
"c:\\WINDOWS\\system32\\javaw.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"c:\\Program Files\\mIRC\\mirc.exe "=
"c:\\Program Files\\DISC\\DISCover.exe "=
"c:\\Program Files\\DISC\\DiscStreamHub.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"c:\\WINDOWS\\explorer.exe "=
"c:\\WINDOWS\\system32\\sessmgr.exe "=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
.

 

------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 21:23:23
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath "= "\systemroot\system32\drivers\TDSSpqlt.sys "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath "= "\??\c:\pcdr5\PCD5SRVC.pkms "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(944)
c:\windows\system32\guard32.dll
.
Completion time: 2009-01-09 21:23:56
ComboFix-quarantined-files.txt 2009-01-10 03:23:53
ComboFix2.txt 2009-01-07 12:25:27
ComboFix3.txt 2009-01-07 12:20:27
ComboFix4.txt 2009-01-07 01:36:49
ComboFix5.txt 2009-01-10 03:17:02

Pre-Run: 141,973,721,088 bytes free
Post-Run: 141,907,619,840 bytes free

646 --- E O F --- 2008-12-18 14:43:13

 

Hi
Please delete the CFScript you have.


Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)

Code:

RootKit::
C:\Windows\system32\drivers\TDSSpqlt.sys 

Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
Click here to see how to use CFScript.txt
Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

**NOTE - Allow ComboFix to update if prompted.


Now click on "Start" > "Run" copy and paste this into the run box and click OK, a file named HKLMSS.txt will appear on your desktop, please copy and paste the contents of that here.

Code:

regedit /e  "%userprofile%\desktop\HKLMSS.txt"  "HKEY_LOCAL_MACHINE\System\Select" 

Please post the CF log and the contents of the HKLMSS.txt file

Thanks
Geri

 

Here goes:

Combofix: When it re-booted I realized I forgot to set my firewall to not run on re-start. I closed it quickly but I don't know if it effected anything.

ComboFix 08-12-29.02 - HP_Administrator 2009-01-11 11:29:41.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.607 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\TDSSpqlt.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-09 12:43 . 2009-01-09 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 01:50 --------- d-----w c:\program files\Google
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-09 02:24 --------- d-----w c:\program files\CCleaner
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-11 15:54:03 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-11 15:54:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-11 15:54:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
+ 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
- 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\mshta.exe
+ 2009-01-11 15:54:25 29,696 ----a-w c:\windows\system32\TDSShrxx.dll
+ 2009-01-11 15:54:31 2,710 ----a-w c:\windows\system32\TDSSlxwp.dll
+ 2009-01-11 15:54:25 35,840 ----a-w c:\windows\system32\TDSSoiqt.dll
+ 2009-01-11 15:54:27 31,232 ----a-w c:\windows\system32\TDSSvkql.dll
+ 2009-01-11 15:54:29 61,440 ----a-w c:\windows\system32\TDSSxfum.dll
+ 2009-01-11 17:31:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler "= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder "= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons "= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover "= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"COMODO Firewall Pro "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM "= mobilev.acm
"vidc.ffds "= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service "=2 (0x2)
"usnjsvc "=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv "=2 (0x2)
"mnmsrvc "=3 (0x3)
"gusvc "=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe "=
"c:\\WINDOWS\\system32\\javaw.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"c:\\Program Files\\mIRC\\mirc.exe "=
"c:\\Program Files\\DISC\\DISCover.exe "=
"c:\\Program Files\\DISC\\DiscStreamHub.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"c:\\WINDOWS\\explorer.exe "=
"c:\\WINDOWS\\system32\\sessmgr.exe "=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 11:32:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath "= "\??\c:\pcdr5\PCD5SRVC.pkms "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath "= "\systemroot\system32\drivers\TDSSpqlt.sys "
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\ehome\mcrdsvc.exe
c:\program files\DISC\DiscStreamHub.exe
.
**************************************************************************
.
Completion time: 2009-01-11 11:37:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-11 17:37:16
ComboFix2.txt 2009-01-10 03:23:58
ComboFix3.txt 2009-01-07 12:25:27
ComboFix4.txt 2009-01-07 12:20:27
ComboFix5.txt 2009-01-11 17:28:53

Pre-Run: 141,966,721,024 bytes free
Post-Run: 141,902,913,536 bytes free

261 --- E O F --- 2008-12-18 14:43:13

HKLMSS:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\Select]
"Current "=dword:00000001
"Default "=dword:00000001
"Failed "=dword:00000000
"LastKnownGood "=dword:00000003

 

Hi
Combofix should have prompted you to update why did you not let it do so? we need to have a updated version.

Please run it again not using the script and let it update.

Geri

 

Combofix did not actively prompt me to update. I would have let it do so otherwise.

Thanks again!

ComboFix 08-12-29.02 - HP_Administrator 2009-01-11 13:53:35.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.578 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: COMODO Firewall Pro *enabled*
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TDSShrxx.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSmtvd.dat
c:\windows\system32\TDSSoiqt.dll
c:\windows\system32\TDSSvkql.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-09 12:43 . 2009-01-09 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 01:50 --------- d-----w c:\program files\Google
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dwwin.exe
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dllcache\dwwin.exe
2008-12-09 02:24 --------- d-----w c:\program files\CCleaner
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-11-30 18:47 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-11 15:54:03 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-11 15:54:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-11 15:54:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-11 17:31:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_770.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler "= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder "= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons "= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover "= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM "= mobilev.acm
"vidc.ffds "= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service "=2 (0x2)
"usnjsvc "=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv "=2 (0x2)
"mnmsrvc "=3 (0x3)
"gusvc "=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe "=
"c:\\WINDOWS\\system32\\javaw.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"c:\\Program Files\\mIRC\\mirc.exe "=
"c:\\Program Files\\DISC\\DISCover.exe "=
"c:\\Program Files\\DISC\\DiscStreamHub.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"c:\\WINDOWS\\explorer.exe "=
"c:\\WINDOWS\\system32\\sessmgr.exe "=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
S4 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.trymedia.com
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 13:54:00
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath "= "\??\c:\pcdr5\PCD5SRVC.pkms "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath "= "\systemroot\system32\drivers\TDSSpqlt.sys "
.
Completion time: 2009-01-11 13:56:20
ComboFix-quarantined-files.txt 2009-01-11 19:55:02
ComboFix2.txt 2009-01-11 17:37:51
ComboFix3.txt 2009-01-10 03:23:58
ComboFix4.txt 2009-01-07 12:25:27
ComboFix5.txt 2009-01-11 19:53:15

Pre-Run: 141,951,766,528 bytes free
Post-Run: 141,888,577,536 bytes free

268 --- E O F --- 2008-12-18 14:43:13

 

Hi
OK this can be very hard to get rid of.

We need to see CF run in a normal fashion instead of reduced functionality.

Please delete current copy of ComboFix and download a fresh one. Save it to the drive root; Local Disk C:

Reboot to safe mode and logon to the Admininstrator account.
Run ComboFix and if it restarts the machine, force it back to safe mode and logon to the Administrator account again to let ComboFix finish.
When done, boot back to normal mode and post the C:\ComboFix.txt log

Thanks
Geri

 

Combofix kept detecting avira running and I couldn't get it stop running, so I just un-installed it.

Otherwise here is the log,

Thank you again!

ComboFix 09-01-13.04 - Administrator 2009-01-14 19:57:59.11 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.772 [GMT -6:00]
Running from: C:\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
FW: COMODO Firewall Pro *enabled*
FW: Norton Internet Worm Protection *disabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-14 19:54 . 2009-01-14 19:54 3,039,899 -ra------ C:\ComboFix.exe
2009-01-11 13:53 . 2009-01-11 13:56 <DIR> d-------- C:\OomboFix
2009-01-09 12:43 . 2009-01-09 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 01:50 --------- d-----w c:\program files\Google
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-07 01:28 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2008-12-13 16:52 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-13 16:52 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dwwin.exe
2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dllcache\dwwin.exe
2008-12-09 02:24 --------- d-----w c:\program files\CCleaner
2008-12-06 01:52 --------- d-----w c:\program files\AIM6
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-30 18:47 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

------- Sigcheck -------

2005-03-10 01:49 295424 c29a5286e64d97385178452d5f307b98 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\ServicePackFiles\i386\termsrv.dll
2008-11-30 12:47 295424 63999d0abd8dabfd76a9c07f6e104868 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler "= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder "= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons "= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"DISCover "= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
"TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM "= mobilev.acm
"vidc.ffds "= ffdshow.ax

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
backup=c:\windows\pss\ListProAlarms.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
--a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service "=2 (0x2)
"usnjsvc "=3 (0x3)
"UPS "=3 (0x3)
"TapiSrv "=2 (0x2)
"mnmsrvc "=3 (0x3)
"gusvc "=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
"c:\\Program Files\\LimeWire\\LimeWire.exe "=
"c:\\Program Files\\Messenger\\msmsgs.exe "=
"c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe "=
"c:\\WINDOWS\\system32\\javaw.exe "=
"c:\\Program Files\\AIM6\\aim6.exe "=
"c:\\Program Files\\mIRC\\mirc.exe "=
"c:\\Program Files\\DISC\\DISCover.exe "=
"c:\\Program Files\\DISC\\DiscStreamHub.exe "=
"%windir%\\Network Diagnostic\\xpnetdiag.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"c:\\WINDOWS\\system32\\sessmgr.exe "=

R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-06-05 87312]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-06-05 23824]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;c:\pcdr5\pcd5srvc.pkms [2006-09-25 28336]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: *.trymedia.com

c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd10dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 20:01:36
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath "= "\??\c:\pcdr5\PCD5SRVC.pkms "
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(256)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(312)
c:\windows\system32\guard32.dll
.
Completion time: 2009-01-14 20:06:20
ComboFix-quarantined-files.txt 2009-01-15 02:06:18
ComboFix2.txt 2009-01-11 19:56:22
ComboFix3.txt 2009-01-11 17:37:51
ComboFix4.txt 2009-01-10 03:23:58
ComboFix5.txt 2009-01-15 01:10:04

Pre-Run: 143,885,971,456 bytes free
Post-Run: 143,870,017,536 bytes free

245 --- E O F --- 2009-01-14 02:54:06

 

Hi
OK good.

Now do this.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


Now lets get a on line scan.

Please do an online scan with Kaspersky WebScanner

It's best to disable real time protection applications as they sometimes interfere with the scan.
Check this link for any applicable programs you may have.

Click on “Accept” If your pop –up blocker blocks any windows from opening.

Click Run on the window that opens.
Windows Vista users you must open the web browser using the Run as Administrator command.

• The program will launch and then begin downloading the latest definition files:
• Under Scan on the left side.Click on My Computer
• This will start the program and scan your system.
• Click the “Scan Report” On the left side.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.:
• Save the text file to your desktop.
• Copy and paste that information in your next post.

Please post the Kaspersky results.

Thanks
Geri

 

Here's the Kapersky report

Thank you again for your time!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, January 16, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, January 16, 2009 00:24:14
Records in database: 1628094
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 254919
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 04:09:45


File name / Threat name / Threats count
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpqlt.sys.vir Infected: Backdoor.Win32.TDSS.bkw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSShrxx.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqt.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvkql.dll.vir Infected: Backdoor.Win32.TDSS.atb 1

The selected area was scanned.