
Solved Another Browser Hijack/ AV won't update.

Discussion in 'Malware and Virus Removal Archive' started by Sharkapult, 2009/01/03.

  1. 2009/01/03 - Sharkapult (thread starter)

    Avira detects 6 items but they continue to reappear. I have my Avira log as well if needed.

    Thank you very much for your time!

    I downloaded RSIT onto a thumb drive, moved it to this computer and ran it; here are my logs:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by HP_Administrator at 2009-01-03 07:53:52
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 135 GB (74%) free of 182 GB
    Total RAM: 958 MB (52% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:53:56 AM, on 1/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\COMODO\Firewall\cmdagent.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Documents and Settings\HP_Administrator\Desktop\fixers\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=61008
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61008
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61008
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61008
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61008
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1198080380562
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.webmap.niu.edu/campus/ACGM/Acgm.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: __c0038F8C - C:\WINDOWS\system32\__c0038F8C.dat (file missing)
    O20 - Winlogon Notify: __c007F898 - C:\WINDOWS\system32\__c007F898.dat (file missing)
    O20 - Winlogon Notify: __c008005A - C:\WINDOWS\system32\__c008005A.dat (file missing)
    O20 - Winlogon Notify: __c00B5FE4 - C:\WINDOWS\system32\__c00B5FE4.dat (file missing)
    O20 - Winlogon Notify: __c00D95E8 - C:\WINDOWS\system32\__c00D95E8.dat (file missing)
    O20 - Winlogon Notify: __c00DEFB1 - C:\WINDOWS\system32\__c00DEFB1.dat (file missing)
    O20 - Winlogon Notify: __c00E9C81 - C:\WINDOWS\system32\__c00E9C81.dat (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

    --
    End of file - 13860 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-11-20 878352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
    C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-08-05 1190912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}]
    Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
    EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-13 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
    Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-11-28 32867]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
    hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-25 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-13 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-13 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-11-20 878352]
    {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2403392]
    {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - Comcast Toolbar - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL [2006-11-07 1821184]
    {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [2007-11-28 327759]
    {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2008-08-05 1190912]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
    "HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
    "DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
    ""= []
    "PCDrProfiler"= []
    "HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
    "Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-13 663552]
    "regcmdcons"=c:\hp\bin\cloaker.exe [1999-11-07 27136]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-12-15 49152]
    "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-03-21 1191936]
    "ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
    "DISCover"=C:\Program Files\DISC\DISCover.exe [2007-10-30 1095256]
    "COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-06-05 1572608]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-17 180269]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-13 136600]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-07 68856]
    "Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    Grxp4exe.exe /init []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KBD.EXE [2005-02-02 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-07 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-17 180269]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-12-15 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~4\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2006-08-17 36903]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
    C:\PROGRA~1\ILIUMS~1\ListPro\LISTPR~1.EXE [2004-01-26 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2
    "usnjsvc"=3
    "UPS"=3
    "TapiSrv"=2
    "mnmsrvc"=3
    "gusvc"=3

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0038F8C]
    C:\WINDOWS\system32\__c0038F8C.dat []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c007F898]
    C:\WINDOWS\system32\__c007F898.dat []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008005A]
    C:\WINDOWS\system32\__c008005A.dat []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00B5FE4]
    C:\WINDOWS\system32\__c00B5FE4.dat []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00D95E8]
    C:\WINDOWS\system32\__c00D95E8.dat []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00DEFB1]
    C:\WINDOWS\system32\__c00DEFB1.dat []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00E9C81]
    C:\WINDOWS\system32\__c00E9C81.dat []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe"="C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh"
    "C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
    "C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
    "C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 3 months======

    2009-01-03 07:53:52 ----D---- C:\rsit
    2008-12-20 14:10:09 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-12-20 11:29:28 ----D---- C:\Program Files\Avira
    2008-12-20 11:29:28 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-12-20 11:20:29 ----D---- C:\Program Files\GiPo@Utilities
    2008-12-20 11:20:29 ----D---- C:\Program Files\Common Files\Gibinsoft Shared
    2008-12-20 11:19:57 ----D---- C:\WINDOWS\Downloaded Installations
    2008-12-20 11:06:18 ----D---- C:\Program Files\Trend Micro
    2008-12-20 09:43:38 ----D---- C:\hosts
    2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\java.exe
    2008-12-13 10:52:39 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-12-12 06:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
    2008-12-12 06:23:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
    2008-12-12 06:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
    2008-12-12 06:23:00 ----A---- C:\WINDOWS\imsins.BAK
    2008-12-12 06:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
    2008-12-12 06:14:42 ----SHD---- C:\Config.Msi
    2008-12-10 18:50:09 ----D---- C:\Program Files\HijackThis
    2008-12-08 21:28:05 ----D---- C:\Program Files\Crawler
    2008-12-08 20:19:30 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2008-12-08 20:19:20 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AVGTOOLBAR
    2008-12-08 20:19:12 ----D---- C:\Program Files\AVG
    2008-12-08 20:19:12 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-12-08 20:15:55 ----D---- C:\Program Files\CCleaner
    2008-12-07 21:11:33 ----D---- C:\mekmakerdev24
    2008-12-07 21:10:11 ----D---- C:\MekHangarPreview004
    2008-12-07 21:04:59 ----D---- C:\megamekdevsvn20081116
    2008-12-05 19:52:30 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
    2008-11-29 17:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-11-29 17:55:45 ----D---- C:\Program Files\Yahoo! Games
    2008-11-12 08:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 08:50:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-12 08:49:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-09 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-10-25 08:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-15 15:16:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 15:16:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 15:15:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 15:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 15:11:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-06 21:11:58 ----D---- C:\Program Files\Instant CD & DVD Burner
    2008-10-06 20:57:46 ----D---- C:\Program Files\QuickMediaConverter
    2008-10-06 20:56:52 ----D---- C:\Install
    2008-10-06 20:38:44 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Any Video Converter
    2008-10-06 20:20:08 ----A---- C:\WINDOWS\Easy Video to DVD.INI
    2008-10-06 19:55:50 ----A---- C:\WINDOWS\system32\VB6FR.DLL
    2008-10-06 19:55:50 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
    2008-10-06 19:55:50 ----A---- C:\WINDOWS\system32\inetfr.DLL
    2008-10-06 19:55:49 ----A---- C:\WINDOWS\system32\mfc71d.dll
    2008-10-06 19:55:49 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
    2008-10-06 19:55:48 ----D---- C:\Program Files\Videos To DVD
    2008-10-06 19:55:48 ----A---- C:\WINDOWS\system32\msvcr71d.dll
    2008-10-06 17:08:04 ----D---- C:\Program Files\Photo Story 3 for Windows

    ======List of files/folders modified in the last 3 months======

    2009-01-03 07:49:12 ----AD---- C:\WINDOWS
    2009-01-03 07:48:55 ----D---- C:\WINDOWS\Temp
    2009-01-03 07:46:10 ----D---- C:\Program Files
    2009-01-03 07:45:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-01-03 07:44:35 ----D---- C:\WINDOWS\system32\drivers
    2009-01-03 07:39:12 ----D---- C:\Program Files\Mozilla Firefox
    2009-01-02 09:08:24 ----D---- C:\WINDOWS\Prefetch
    2008-12-22 16:25:39 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
    2008-12-22 15:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2008-12-22 15:56:39 ----D---- C:\Program Files\Google
    2008-12-20 11:25:31 ----D---- C:\WINDOWS\system32
    2008-12-20 11:20:30 ----SHD---- C:\WINDOWS\Installer
    2008-12-20 11:20:29 ----D---- C:\Program Files\Common Files
    2008-12-20 09:32:21 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-12-18 08:43:11 ----HD---- C:\WINDOWS\inf
    2008-12-18 08:42:55 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-12-18 08:41:57 ----HD---- C:\WINDOWS\$hf_mig$
    2008-12-13 10:52:22 ----D---- C:\Program Files\Java
    2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-12-12 07:00:17 ----D---- C:\Program Files\Internet Explorer
    2008-12-12 06:27:56 ----A---- C:\WINDOWS\win.ini
    2008-12-12 06:24:48 ----D---- C:\WINDOWS\Debug
    2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-12-08 21:32:11 ----A---- C:\WINDOWS\system32\dwwin.exe
    2008-12-08 20:24:02 ----D---- C:\Sharks Folder
    2008-12-08 20:07:25 ----RASH---- C:\boot.ini
    2008-12-08 20:07:25 ----A---- C:\WINDOWS\system.ini
    2008-12-07 09:49:04 ----D---- C:\WINDOWS\system32\Lang
    2008-12-05 19:52:55 ----D---- C:\Program Files\AIM6
    2008-12-05 19:52:32 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-12-05 19:52:04 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
    2008-12-05 19:51:31 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-11-30 12:47:27 ----A---- C:\WINDOWS\system32\termsrv.dll
    2008-11-30 12:47:26 ----A---- C:\WINDOWS\system32\winlogon.exe
    2008-11-12 09:35:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-12 08:48:22 ----D---- C:\WINDOWS\WinSxS
    2008-11-06 14:31:40 ----D---- C:\WINDOWS\Help
    2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
    2008-10-23 04:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
    2008-10-19 14:29:43 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-10-16 17:47:30 ----D---- C:\Program Files\The Drawing Board
    2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\occache.dll
    2008-10-16 14:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\url.dll
    2008-10-16 14:38:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
    2008-10-16 14:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-10-16 14:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-10-16 14:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-10-16 14:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
    2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
    2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
    2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
    2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
    2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
    2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
    2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
    2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
    2008-10-16 07:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-10-16 07:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-10-15 15:15:12 ----D---- C:\WINDOWS\ie7updates
    2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 01:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-10-06 20:30:45 ----D---- C:\temp
    2008-10-06 17:08:41 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
    2008-10-06 17:08:07 ----D---- C:\Program Files\Common Files\Microsoft Shared

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-08 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-08 26824]
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-06-05 87312]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 kid_sys;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\drivers\KID_SYS.sys [2001-09-26 11920]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-01-25 1149888]
    R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
    R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
    R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 imhidusb;Immersion's HID USB Driver; C:\WINDOWS\system32\drivers\imhidusb.sys [2002-02-14 30920]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 ntxpusb;Gravis USB device driver; C:\WINDOWS\system32\drivers\ntxpusb.sys [2002-02-26 266432]
    S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver; \??\C:\PCDR5\PCD5SRVC.pkms []
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
    S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-25 611664]
    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
    R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-06-05 507648]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-13 152984]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S4 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
    S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 138168]
    S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

    -----------------EOF-----------------
     
    Last edited: 2009/01/03
  2. 2009/01/03
    Sharkapult
    info.txt logfile of random's system information tool 1.05 2009-01-03 07:53:59

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\unyt.exe
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Adobe Flash Player 9-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
    AIM 6-->C:\Program Files\AIM6\uninst.exe
    Alien Outbreak 2-->"C:\Program Files\HP Games\Alien Outbreak 2\Uninstall.exe"
    Ancient Sudoku-->"C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe"
    ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Bejeweled 2 Deluxe-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
    Big Kahuna Reef-->"C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe"
    Black and White-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
    Blackhawk Striker 2-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
    Blasterball 2 Remix-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
    Blasterball 2 Revolution-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
    Bookworm Deluxe-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
    Bounce Symphony-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
    Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
    Canon MP160 User Registration-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
    Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
    Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
    Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Chuzzle Deluxe-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
    Civil War Generals II-->C:\WINDOWS\IsUninst.exe -f "C:\Impressions Games\CWG2\Uninst.isu"
    Civilization III-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}
    Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
    Comcast Toolbar-->C:\Program Files\ComcastToolbar\uninstall.exe
    COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
    Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
    Desktop Doctor-->"C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor?"
    Digital Voice Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B478ACE-8512-4A46-ACB2-69D83DF2F6C7}\setup.exe" -l0x9 -remove
    Diner Dash-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
    Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
    Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
    Fairies-->"C:\Program Files\HP Games\Fairies\Uninstall.exe"
    Family Feud-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
    FATE-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
    Flip Words-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
    Galactic Civilizations Ultimate Edition-->C:\PROGRA~1\Stardock\TOTALG~1\GALCIV~1\UNWISE.EXE C:\PROGRA~1\Stardock\TOTALG~1\GALCIV~1\INSTALL.LOG
    GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
    GiPo@FileUtilities 3.2-->MsiExec.exe /I{E2B64929-B616-4235-B10E-D26D686296F9}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
    Gravis Xperience 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13599F5D-20A2-449A-BA81-A7D8B98A8DF1}\Setup.exe" -u
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis / CWShredder Installer 1.0-->"C:\Program Files\HijackThis\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
    HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
    HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
    HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
    HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP Game Console-->"C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
    HP Games 3.43.97-->"C:\Program Files\DISC\uninstall.exe"
    HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
    HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
    HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
    HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
    HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
    HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
    HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
    HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
    IGN Download Manager 2.3.2-->C:\Program Files\IGN\Download Manager\uninst.exe
    Insaniquarium Deluxe-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
    iPAQ WebReg-->MsiExec.exe /I{D37C6152-89DF-4D29-83CF-666200D5F398}
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
    J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Jewel Quest-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
    LimeWire 4.16.6-->"C:\Program Files\LimeWire\uninstall.exe"
    ListPro-->C:\PROGRA~1\ILIUMS~1\ListPro\UNWISE.EXE C:\PROGRA~1\ILIUMS~1\ListPro\INSTALL.LOG
    LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LJ Comment Stats Wizard 1.7-->"C:\Program Files\LJ Comment Stats Wizard\unins000.exe"
    Mah Jong Quest-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
    Medieval - Total War - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A10F7877-4276-416C-9F22-CB56C0CB2700}\setup.exe" -l0x9 -removeonly
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft ActiveSync 3.7-->"C:\WINDOWS\ISUNINST.EXE" -f "C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c "C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
    Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
    Microsoft Outlook 2002-->MsiExec.exe /I{911A0409-6000-11D3-8CFE-0050048383C9}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
    mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
    muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
    Mystery Case Files-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
    Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
    NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
    OpenOffice.org 2.1-->MsiExec.exe /I{43983EB4-43DC-4C3D-9712-1EF592A31CA8}
    Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
    PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
    Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
    Pike & Musket TW - Music pack01-->C:\Program Files\The Creative Assembly\MTW archive\Medieval - Total War - Gold Edition\Uninstal.exe
    Pike and Musket TW 1.5-->C:\Program Files\The Creative Assembly\MTW archive\Medieval - Total War - Gold Edition\Uninstal.exe
    Poker Superstars-->"C:\Program Files\HP Games\Poker Superstars\Uninstall.exe"
    Polar Bowler-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
    Polar Golfer-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
    Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
    Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Ricochet Lost Worlds-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
    Rome - Total War - Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}\setup.exe" -l0x9 -removeonly
    ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
    SCRABBLE-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Slingo Deluxe-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
    Snowy The Bears Adventure-->"C:\Program Files\HP Games\Snowy The Bears Adventure\Uninstall.exe"
    Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Super Granny-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    Tennis Titans-->"C:\Program Files\HP Games\Tennis Titans\Uninstall.exe"
    The Drawing Board v2 Beta-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\The Drawing Board\ST6UNST.000"
    The Drawing Board-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\The Drawing Board\ST6UNST.LOG"
    The New Shadow Patch 2.1-->C:\Program Files\MyProduct\Uninstal.exe
    The New Shadow Patch 2.2-->C:\Program Files\MyProduct\Uninstal.exe
    Tornado Jockey-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
    Tradewinds-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
    Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
    Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
    Wal-Mart Digital Photo Manager-->MsiExec.exe /X{41FE2866-7D7D-4EDF-9C7A-F1F6A346BA83}
    WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    wolfman-MC2X-->C:\Wolfman-MC2X\Uninstall wolfman-MC2X.exe
    WorldMate for PocketPC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86BF2E8C-959A-4D19-A248-A8A01AB4090D}\Setup.exe" -l0x9
    X2 - The Threat-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6199025-CBF8-4ACB-BEE9-D14EC1CCD731}\setup.exe" -l0x9 -uninst
    X² All In One Bonus Package 1.04-->"C:\Program Files\Enlight\X2 - The Threat\unins000.exe"
    X2 Sector Planner-->MsiExec.exe /I{CCCD0C60-DABA-4DAC-AC71-DF92BDB322E1}
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
    Zuma (remove only)-->"C:\Program Files\Yahoo! Games\Zuma\Uninstall.exe"

    Hosts File Missing
    ======Security center information======

    AV: AVG Anti-Virus (disabled) (outdated)
    AV: Avira AntiVir PersonalEdition
    FW: Norton Internet Worm Protection (disabled)
    FW: COMODO Firewall Pro

    System event log

    Computer Name: TAMINAROSE
    Event Code: 7001
    Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Record Number: 54610
    Source Name: Service Control Manager
    Time Written: 20081208213326.000000-360
    Event Type: error
    User:

    Computer Name: TAMINAROSE
    Event Code: 7001
    Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Record Number: 54609
    Source Name: Service Control Manager
    Time Written: 20081208213325.000000-360
    Event Type: error
    User:

    Computer Name: TAMINAROSE
    Event Code: 7001
    Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Record Number: 54608
    Source Name: Service Control Manager
    Time Written: 20081208213325.000000-360
    Event Type: error
    User:

    Computer Name: TAMINAROSE
    Event Code: 7001
    Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Record Number: 54607
    Source Name: Service Control Manager
    Time Written: 20081208213325.000000-360
    Event Type: error
    User:

    Computer Name: TAMINAROSE
    Event Code: 7001
    Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Record Number: 54606
    Source Name: Service Control Manager
    Time Written: 20081208213324.000000-360
    Event Type: error
    User:

    Application event log

    Computer Name: TAMINAROSE
    Event Code: 1800
    Message: The Windows Security Center Service has started.

    Record Number: 12188
    Source Name: SecurityCenter
    Time Written: 20080906101633.000000-300
    Event Type: information
    User:

    Computer Name: TAMINAROSE
    Event Code: 4
    Message: The LightScribe Service started successfully.

    Record Number: 12187
    Source Name: LightScribeService
    Time Written: 20080906101632.000000-300
    Event Type: information
    User:

    Computer Name: TAMINAROSE
    Event Code: 101
    Message: Information Level: success

    Rolling back the schedule; execution will occur at approximately 10:21 AM.

    Record Number: 12186
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20080906101628.000000-300
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: TAMINAROSE
    Event Code: 101
    Message: Information Level: success

    Service started.

    Record Number: 12185
    Source Name: Automatic LiveUpdate Scheduler
    Time Written: 20080906101628.000000-300
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: TAMINAROSE
    Event Code: 105
    Message: The service was started.

    Record Number: 12184
    Source Name: ARSVC
    Time Written: 20080906101628.000000-300
    Event Type: information
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2f02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

    -----------------EOF-----------------

  4. 2009/01/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Sharkapult
    Welcome to WindowsBBS.

    You are kind of loaded down with tool bars, I would remove any that you don't use.

    Now please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.


    Thanks
    Geri
  5. 2009/01/04
    Sharkapult

    Sharkapult Inactive Thread Starter

    Joined:
    2008/12/20
    Messages:
    14
    Likes Received:
    0
    This computer won't connect to that download link, like most other links having to do with antivirus software. I have access to another computer Monday and will be able to post the results from that scan Monday Night.

    I'll try to convince my fiancée to let me remove some of the toolbars.

    Thank you again for your time and effort!
     
  6. 2009/01/05
    Sharkapult

    Sharkapult Inactive Thread Starter

    Joined:
    2008/12/20
    Messages:
    14
    Likes Received:
    0
    Thank you again for your time, expertise, and patience!

    Combofix says I still have AVG on my computer when I uninstalled it a while ago and it is no longer in my uninstall list. I realize all the problems w/ multiple AV programs running at the same time.

    Here is the ComboFix Log:

    ComboFix 08-12-29.02 - HP_Administrator 2009-01-05 18:05:34.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.471 [GMT -6:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: COMODO Firewall Pro *enabled*
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\install\install.exe
    C:\xcrashdump.dat
    D:\Autorun.inf

    c:\windows\system32\winlogon.exe . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
    .

    2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
    2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
    2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
    2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
    2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-12 06:23 . 2008-12-12 06:32 1,393 --a------ c:\windows\imsins.BAK
    2008-12-08 21:28 . 2008-12-08 21:28 <DIR> d-------- c:\program files\Crawler
    2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\windows\system32\drivers\Avg
    2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\program files\AVG
    2008-12-08 20:19 . 2008-12-08 20:27 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
    2008-12-08 20:19 . 2008-12-20 09:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-08 20:19 . 2008-12-08 20:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-12-08 20:19 . 2008-12-08 20:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-12-08 20:15 . 2008-12-08 20:24 <DIR> d-------- c:\program files\CCleaner
    2008-12-07 21:11 . 2008-12-07 21:11 <DIR> d-------- C:\mekmakerdev24
    2008-12-07 21:10 . 2008-12-07 21:10 <DIR> d-------- C:\MekHangarPreview004
    2008-12-07 21:04 . 2008-12-07 21:08 <DIR> d-------- C:\megamekdevsvn20081116

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
    2008-12-22 21:56 --------- d-----w c:\program files\Google
    2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
    2008-12-13 16:52 --------- d-----w c:\program files\Java
    2008-12-06 01:52 --------- d-----w c:\program files\AIM6
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
    2008-11-29 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
    2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
    2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
    2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
    2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
    "mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
    "regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
    "COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"=mobilev.acm
    "vidc.ffds"=ffdshow.ax

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=c:\windows\pss\Updates From HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
    backup=c:\windows\pss\ListProAlarms.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-05-07 11:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    --a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    --a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "UPS"=3 (0x3)
    "TapiSrv"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "gusvc"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\WINDOWS\\explorer.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-08 97928]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
    R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
    S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
    S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
    S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
    S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-PCDrProfiler - (no file)
    Notify-__c0038F8C - c:\windows\system32\__c0038F8C.dat
    Notify-__c007F898 - c:\windows\system32\__c007F898.dat
    Notify-__c008005A - c:\windows\system32\__c008005A.dat
    Notify-__c00B5FE4 - c:\windows\system32\__c00B5FE4.dat
    Notify-__c00D95E8 - c:\windows\system32\__c00D95E8.dat
    Notify-__c00DEFB1 - c:\windows\system32\__c00DEFB1.dat
    Notify-__c00E9C81 - c:\windows\system32\__c00E9C81.dat


    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: *.trymedia.com
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

    c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
    c:\windows\system32\snbd10dm.dll
    c:\windows\system32\igsnrn22.dll
    c:\windows\system32\igsnpb22.dll
    c:\windows\system32\igsnol22.dll
    c:\windows\system32\igsncm22.dll
    c:\windows\system32\browser.exa
    c:\windows\system32\Acgm.Dll
    O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
    hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
    c:\windows\Downloaded Program Files\acgm.inf
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-05 18:14:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
    "imagepath "= "\systemroot\system32\drivers\TDSSpqlt.sys "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
    "ImagePath "= "\??\c:\pcdr5\PCD5SRVC.pkms "
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\windows\arservice.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\COMODO\Firewall\cmdagent.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\DISC\DiscStreamHub.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-05 18:18:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-06 00:17:59

    Pre-Run: 141,729,157,120 bytes free
    Post-Run: 142,025,981,952 bytes free

    273 --- E O F --- 2008-12-18 14:43:13
     
  7. 2009/01/05, Geri (Lifetime Subscription, Inactive Alumni)
    Hi
    OK, you need to run ComboFix again.

    Please do so following these directions.

    Press Ctrl+Alt+Del twice at the welcome screen, then type Administrator for the username, enter the password (just press Enter if no password), then run ComboFix from that account.
    Note: you will have to log on to the Administrator account again after the reboot so that CF can complete.

    Please post the log you get.

    Thanks
    Geri
     
  8. 2009/01/06, Sharkapult (Thread Starter)
    Hi again,

    This computer (running Windows XP) has only one account and it has administrator privileges. I press Ctrl+Alt+Del twice at the Windows welcome screen and it only shows the one account available.

    There is nowhere for me to type Administrator.

    When I run ComboFix again it does not ask me to reboot.

    My google links appear to be working fine in IE and Firefox. I can also go to common AV websites. Here is the new Combofix log in case you need it.

    Should I run a Kaspersky scan next?

    What else should I do?

    Thank you again for your patience and expertise.


    ComboFix 08-12-29.02 - HP_Administrator 2009-01-06 19:34:59.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.550 [GMT -6:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: COMODO Firewall Pro *enabled*
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
    .

    2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
    2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
    2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
    2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
    2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-12 06:23 . 2008-12-12 06:32 1,393 --a------ c:\windows\imsins.BAK
    2008-12-08 21:28 . 2008-12-08 21:28 <DIR> d-------- c:\program files\Crawler
    2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\windows\system32\drivers\Avg
    2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\program files\AVG
    2008-12-08 20:19 . 2008-12-08 20:27 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
    2008-12-08 20:19 . 2008-12-20 09:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-08 20:19 . 2008-12-08 20:19 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-12-08 20:19 . 2008-12-08 20:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-12-08 20:15 . 2008-12-08 20:24 <DIR> d-------- c:\program files\CCleaner
    2008-12-07 21:11 . 2008-12-07 21:11 <DIR> d-------- C:\mekmakerdev24
    2008-12-07 21:10 . 2008-12-07 21:10 <DIR> d-------- C:\MekHangarPreview004
    2008-12-07 21:04 . 2008-12-07 21:08 <DIR> d-------- C:\megamekdevsvn20081116

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
    2008-12-22 21:56 --------- d-----w c:\program files\Google
    2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
    2008-12-13 16:52 --------- d-----w c:\program files\Java
    2008-12-06 01:52 --------- d-----w c:\program files\AIM6
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
    2008-11-29 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
    2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
    2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
    2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
    2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-07 01:31:38 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
    + 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
    - 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
    + 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\mshta.exe
    + 2009-01-07 01:31:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_73c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]
    "mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DMAScheduler "= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "Reminder "= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
    "regcmdcons "= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "DISCover "= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-07 68856]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "= c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM "= mobilev.acm
    "vidc.ffds "= ffdshow.ax

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=c:\windows\pss\Updates From HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
    backup=c:\windows\pss\ListProAlarms.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-05-07 11:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    --a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    --a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service "=2 (0x2)
    "usnjsvc "=3 (0x3)
    "UPS "=3 (0x3)
    "TapiSrv "=2 (0x2)
    "mnmsrvc "=3 (0x3)
    "gusvc "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe "=
    "c:\\WINDOWS\\system32\\javaw.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\mIRC\\mirc.exe "=
    "c:\\Program Files\\DISC\\DISCover.exe "=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\WINDOWS\\explorer.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-08 97928]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
    R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
    S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
    S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
    S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
    S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)


    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: *.trymedia.com
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

    c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
    c:\windows\system32\snbd10dm.dll
    c:\windows\system32\igsnrn22.dll
    c:\windows\system32\igsnpb22.dll
    c:\windows\system32\igsnol22.dll
    c:\windows\system32\igsncm22.dll
    c:\windows\system32\browser.exa
    c:\windows\system32\Acgm.Dll
    O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
    hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
    c:\windows\Downloaded Program Files\acgm.inf
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
    FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-06 19:35:36
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
    "imagepath "= "\systemroot\system32\drivers\TDSSpqlt.sys "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
    "ImagePath "= "\??\c:\pcdr5\PCD5SRVC.pkms "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(888)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(952)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2009-01-06 19:36:48
    ComboFix-quarantined-files.txt 2009-01-07 01:36:46
    ComboFix2.txt 2009-01-06 00:23:33
    ComboFix3.txt 2009-01-06 00:18:09

    Pre-Run: 141,941,665,792 bytes free
    Post-Run: 141,882,601,472 bytes free

    263 --- E O F --- 2008-12-18 14:43:13
     
  9. 2009/01/06, Geri (Lifetime Subscription, Inactive Alumni)
    Hi

    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box at the top of the page, one at a time:
      • c:\documents and settings\HP_Administrator\nah_vnxr.exe
    • Click on the submit button
    • Please post the results in your next reply.


    Do you know what these are?
    C:\mekmakerdev24
    C:\MekHangarPreview004
    C:\megamekdevsvn20081116



    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    c:\windows\imsins.BAK
    c:\windows\system32\drivers\Avg
    c:\windows\system32\drivers\avgldx86.sys
    c:\windows\system32\avgrsstx.dll
    
    Folder::
    c:\program files\AVG
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
    c:\documents and settings\All Users\Application Data\avg8
    c:\documents and settings\All Users\Application Data\Trymedia
    
    Driver::
    AvgLdx86
    avg8wd 
    Please post the results from Jotti, let me know about those folders and post the new Combofix log.

    Thanks
     
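The two ComboFix logs above carry the indicators Geri acted on: a driver service registered as TDSSserv.sys whose image is TDSSpqlt.sys, two AV products reporting on-access scanning disabled, a Security Center value that silences antivirus warnings, catchme reporting a patched ZwClose in ntdll, and an executable (nah_vnxr.exe) sitting directly in the user's profile root. The script below is an added example, not part of this thread, of ComboFix or of RSIT; it parses those log formats and pulls out exactly those indicators. SAMPLE_LOG is constructed from fragments of the logs posted above, and the rules it applies (a service key named like a .sys file, a TDSS-prefixed driver image, a .exe in a profile root) are heuristics chosen for this write-up, not ComboFix's own logic.

```python
"""Triage a ComboFix-style log for the indicators a helper reads first.

Added example for this thread; not ComboFix, RSIT or forum code. The
input formats are those seen in the posted logs:
  [HKEY_...\Services\<name>]  then  "imagepath"="<path>"
  AV: <product> *On-access scanning disabled* (...)
  [...\security center]       then  "AntiVirusDisableNotify"=dword:00000001
  detected NTDLL code modification:   followed by one API name per line
  <date> <time> <size> <attrs> <path>   (Find3M / Files Created rows)
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str     # short rule name
    detail: str   # the evidence (service, product, path or API name)


REG_KEY = re.compile(r"^\[(?P<key>HK[^\]]+)\]$", re.I)
# "name"="value"; also tolerates the forum's  "name "= "value "  spacing
# and unquoted values such as dword:00000001
REG_VALUE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*"?(?P<val>.*?)\s*"?$')
AV_DISABLED = re.compile(r"^AV:\s*(?P<product>.+?)\s*\*On-access scanning disabled\*")
# a .exe directly under c:\documents and settings\<user>\ (no subfolder)
PROFILE_ROOT_EXE = re.compile(
    r"(?P<path>c:\\documents and settings\\[^\\]+\\[^\\]+\.exe)\s*$", re.I)


def triage(log: str) -> list[Finding]:
    """Return the suspicious lines of a ComboFix log, in log order."""
    findings: list[Finding] = []
    current_key = ""
    collecting_hooks = False
    for raw in log.splitlines():
        line = raw.strip()

        # catchme lists hooked ntdll exports one per line after the header,
        # terminated by a blank line
        if collecting_hooks:
            if not line:
                collecting_hooks = False
            else:
                findings.append(Finding("ntdll-hook", line))
            continue
        if line.startswith("detected NTDLL code modification"):
            collecting_hooks = True
            continue

        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key")
            continue

        m = REG_VALUE.match(line)
        if m and current_key:
            name, val = m.group("name"), m.group("val")
            service = re.search(r"\\Services\\([^\\]+)$", current_key, re.I)
            if service and name.lower() == "imagepath":
                svc = service.group(1)
                image = val.rsplit("\\", 1)[-1]
                # heuristics: a service key named like a driver file, or a
                # driver image carrying the TDSS prefix seen in the posted
                # log (the naming used by the TDSS/TDL rootkit family)
                if svc.lower().endswith(".sys") or image.lower().startswith("tdss"):
                    findings.append(Finding("suspicious-driver", f"{svc} -> {val}"))
            elif (current_key.lower().endswith("security center")
                  and name.lower().endswith("disablenotify") and val.endswith("1")):
                findings.append(Finding("security-center-muted", name))
            continue

        m = AV_DISABLED.match(line)
        if m:
            findings.append(Finding("av-disabled", m.group("product")))
            continue

        m = PROFILE_ROOT_EXE.search(line)
        if m:
            findings.append(Finding("profile-root-exe", m.group("path")))
    return findings


# Constructed from fragments of the logs posted in this thread.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: COMODO Firewall Pro *enabled*

2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
2008-12-13 16:52 --------- d-----w c:\program files\Java
Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
"ImagePath"="\??\c:\pcdr5\PCD5SRVC.pkms"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Run stand-alone it prints six findings, one per line. The PC-Doctor driver (PCD5SRVC, a legitimate HP diagnostic component) in the same registry section and the renamed OomboFix.exe on the Desktop are deliberately not flagged: the point of the rules is to lift a handful of lines out of a log of this length for a human to judge, not to classify every service, and a rule that fires on every driver or every executable is no better than reading the log top to bottom.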
  10. 2009/01/07, Sharkapult (Thread Starter)
    Hello,

    These three programs:
    C:\mekmakerdev24
    C:\MekHangarPreview004
    C:\megamekdevsvn20081116

    are all related to an online java-based BattleTech game I sometimes play. The first two are useless (downloaded from sourceforge.net) and I just have not deleted them yet and I have no attachment to them. The third is a version of the game.

    First, the Jotti log:

    File: nah_vnxr.exe
    Status: INFECTED/MALWARE
    MD5: 1764fb0a53e21a75d60d73a855eea1db
    Packers detected: -
    Scan taken on 07 Jan 2009 12:10:11 (GMT)

    Scanner results:
    A-Squared: Found Trojan.Generic!IK
    AntiVir: Found nothing
    ArcaVir: Found nothing
    Avast: Found nothing
    AVG Antivirus: Found nothing
    BitDefender: Found Trojan.Generic.1245657
    ClamAV: Found nothing
    CPsecure: Found nothing
    Dr.Web: Found nothing
    F-Prot Antivirus: Found nothing
    F-Secure Anti-Virus: Found nothing
    G DATA: Found Trojan.Generic.1245657
    Ikarus: Found nothing
    Kaspersky Anti-Virus: Found nothing
    NOD32: Found nothing
    Norman Virus Control: Found nothing
    Panda Antivirus: Found Trj/Agent.LEM
    Sophos Antivirus: Found nothing
    VirusBuster: Found nothing
    VBA32: Found Malware-Cryptor.Win32.General.4 (probable variant)

    Combofix Log:

    ComboFix 08-12-29.02 - HP_Administrator 2009-01-07 6:24:33.5 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.567 [GMT -6:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: COMODO Firewall Pro *enabled*
    .
    - REDUCED FUNCTIONALITY MODE -

    FILE ::
    c:\windows\imsins.BAK
    c:\windows\system32\avgrsstx.dll
    c:\windows\system32\drivers\Avg
    c:\windows\system32\drivers\avgldx86.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\avg8
    c:\documents and settings\All Users\Application Data\avg8\Cfg\krnl.cfg
    c:\documents and settings\All Users\Application Data\avg8\Cfg\scan.cfg
    c:\documents and settings\All Users\Application Data\avg8\Cfg\sched.cfg
    c:\documents and settings\All Users\Application Data\avg8\Cfg\update.cfg
    c:\documents and settings\All Users\Application Data\avg8\Cfg\user.cfg
    c:\documents and settings\All Users\Application Data\avg8\dumps\avgwdsvc.exe_128732628823437500.dmp
    c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avguilog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log
    c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\avildr.log
    c:\documents and settings\All Users\Application Data\avg8\Log\cfglog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log
    c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.lock
    c:\documents and settings\All Users\Application Data\avg8\Log\corelog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
    c:\documents and settings\All Users\Application Data\avg8\Log\lnglog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\privlog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\publog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\rslog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\scanlog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\schedlog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\srmlog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\updlog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\vaultlog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\wdlog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Log\wdsvclog.cfg
    c:\documents and settings\All Users\Application Data\avg8\Lsdb\cf.dat
    c:\documents and settings\All Users\Application Data\avg8\Lsdb\ph.dat
    c:\documents and settings\All Users\Application Data\avg8\Lsdb\sb.dat
    c:\documents and settings\All Users\Application Data\avg8\Lsdb\sb.dat.xcd
    c:\documents and settings\All Users\Application Data\avg8\Lsdb\sb2.dat
    c:\documents and settings\All Users\Application Data\avg8\Lsdb\sc.dat
    c:\documents and settings\All Users\Application Data\avg8\Lsdb\sc.dat.xcd
    c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000005.log
    c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000006.log
    c:\documents and settings\All Users\Application Data\avg8\scanlogs\srm.idx
    c:\documents and settings\All Users\Application Data\Trymedia
    c:\documents and settings\All Users\Application Data\Trymedia\data\{A1C86C9F-DF01-A326-595A-1EE76EA95EF5}
    c:\documents and settings\All Users\Application Data\Trymedia\data\{AA7362A4-9510-8D7F-39A8-621528A6AC05}
    c:\documents and settings\All Users\Application Data\Trymedia\data\{BEB31D66-6091-E439-DCF9-CEF50F2AC771}
    c:\documents and settings\All Users\Application Data\Trymedia\data\{D82B3C88-31B2-AE5F-9471-4576A2BBC7CF}
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avglinks.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avglogo.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avgstatus.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avgstatus_error.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\avgtoolbartb0502.cfg
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\brandlogo.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\COMBOSEARCH.acs
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\p_yahoo.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesearch.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesearch_off.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesearch_on.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesurf.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesurf_off.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\safesurf_on.bmp
    c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR\slider.bmp
    c:\program files\AVG
    c:\program files\AVG\AVG8\aAvgApi.exe
    c:\program files\AVG\AVG8\avg.snu
    c:\program files\AVG\AVG8\avg404.txt
    c:\program files\AVG\AVG8\avg7api.dll
    c:\program files\AVG\AVG8\avg8us.lng
    c:\program files\AVG\AVG8\avgabout.dll
    c:\program files\AVG\AVG8\avgapix.dll
    c:\program files\AVG\AVG8\avgbat.bav
    c:\program files\AVG\AVG8\avgcfgex.exe
    c:\program files\AVG\AVG8\avgcfgx.dll
    c:\program files\AVG\AVG8\avgcmgr.exe
    c:\program files\AVG\AVG8\avgcorex.dll
    c:\program files\AVG\AVG8\avgcrlpx.dll
    c:\program files\AVG\AVG8\avgdumpx.exe
    c:\program files\AVG\AVG8\avgf8us.chm
    c:\program files\AVG\AVG8\avgfrw.exe
    c:\program files\AVG\AVG8\avginet.dll
    c:\program files\AVG\AVG8\avgiproxy.exe
    c:\program files\AVG\AVG8\avglngx.dll
    c:\program files\AVG\AVG8\avglogx.dll
    c:\program files\AVG\AVG8\avgmail.dll
    c:\program files\AVG\AVG8\avgmvflx.dll
    c:\program files\AVG\AVG8\avgmwdef_us.mht
    c:\program files\AVG\AVG8\avgoff2k.dll
    c:\program files\AVG\AVG8\avgpp.dll
    c:\program files\AVG\AVG8\avgresf.dll
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgscanx.dll
    c:\program files\AVG\AVG8\avgscanx.exe
    c:\program files\AVG\AVG8\avgsched.dll
    c:\program files\AVG\AVG8\avgse.dll
    c:\program files\AVG\AVG8\avgsrmax.exe
    c:\program files\AVG\AVG8\avgsrmx.dll
    c:\program files\AVG\AVG8\avgssie.dll
    c:\program files\AVG\AVG8\avgtbapi.dll
    c:\program files\AVG\AVG8\avgtoolbar.dll
    c:\program files\AVG\AVG8\avgtray.exe
    c:\program files\AVG\AVG8\avgui.exe
    c:\program files\AVG\AVG8\avguiadv.dll
    c:\program files\AVG\AVG8\avguires.dll
    c:\program files\AVG\AVG8\avgupd.dll
    c:\program files\AVG\AVG8\avgupd.exe
    c:\program files\AVG\AVG8\avgvvx.dll
    c:\program files\AVG\AVG8\avgwd.dll
    c:\program files\AVG\AVG8\avgwdsvc.exe
    c:\program files\AVG\AVG8\avgwdwsc.dll
    c:\program files\AVG\AVG8\avgxch32.dll
    c:\program files\AVG\AVG8\avgxpl.dll
    c:\program files\AVG\AVG8\cfg\mail.cfg
    c:\program files\AVG\AVG8\contacts_us.html
    c:\program files\AVG\AVG8\dbghelp.dll
    c:\program files\AVG\AVG8\dfncfg.dat
    c:\program files\AVG\AVG8\fixcfg.exe
    c:\program files\AVG\AVG8\Icons\background_middle_gray.gif
    c:\program files\AVG\AVG8\Icons\background_middle_green.gif
    c:\program files\AVG\AVG8\Icons\background_middle_orange.gif
    c:\program files\AVG\AVG8\Icons\background_middle_red.gif
    c:\program files\AVG\AVG8\Icons\background_middle_yellow.gif
    c:\program files\AVG\AVG8\Icons\background_top_gray.gif
    c:\program files\AVG\AVG8\Icons\background_top_green.gif
    c:\program files\AVG\AVG8\Icons\background_top_orange.gif
    c:\program files\AVG\AVG8\Icons\background_top_red.gif
    c:\program files\AVG\AVG8\Icons\background_top_yellow.gif
    c:\program files\AVG\AVG8\Icons\block-doc.gif
    c:\program files\AVG\AVG8\Icons\blocked.gif
    c:\program files\AVG\AVG8\Icons\border_bottom_gray.gif
    c:\program files\AVG\AVG8\Icons\border_bottom_green.gif
    c:\program files\AVG\AVG8\Icons\border_bottom_orange.gif
    c:\program files\AVG\AVG8\Icons\border_bottom_red.gif
    c:\program files\AVG\AVG8\Icons\border_bottom_yellow.gif
    c:\program files\AVG\AVG8\Icons\border_top_gray.gif
    c:\program files\AVG\AVG8\Icons\border_top_green.gif
    c:\program files\AVG\AVG8\Icons\border_top_orange.gif
    c:\program files\AVG\AVG8\Icons\border_top_red.gif
    c:\program files\AVG\AVG8\Icons\border_top_yellow.gif
    c:\program files\AVG\AVG8\Icons\box_bottom_red.gif
    c:\program files\AVG\AVG8\Icons\box_top_red.gif
    c:\program files\AVG\AVG8\Icons\caution.gif
    c:\program files\AVG\AVG8\Icons\click_here_gray.gif
    c:\program files\AVG\AVG8\Icons\click_here_green.gif
    c:\program files\AVG\AVG8\Icons\click_here_orange.gif
    c:\program files\AVG\AVG8\Icons\click_here_red.gif
    c:\program files\AVG\AVG8\Icons\click_here_yellow.gif
    c:\program files\AVG\AVG8\Icons\clock.gif
    c:\program files\AVG\AVG8\Icons\close.gif
    c:\program files\AVG\AVG8\Icons\icons_blocked.gif
    c:\program files\AVG\AVG8\Icons\icons_caution.gif
    c:\program files\AVG\AVG8\Icons\icons_close.gif
    c:\program files\AVG\AVG8\Icons\icons_safe.gif
    c:\program files\AVG\AVG8\Icons\icons_unknown.gif
    c:\program files\AVG\AVG8\Icons\icons_warning.gif
    c:\program files\AVG\AVG8\Icons\LS_Logo_Results.gif
    c:\program files\AVG\AVG8\Icons\safe.gif
    c:\program files\AVG\AVG8\Icons\unknown.gif
    c:\program files\AVG\AVG8\Icons\warning.gif
    c:\program files\AVG\AVG8\license_us.txt
    c:\program files\AVG\AVG8\log\history.xml
    c:\program files\AVG\AVG8\setup.cfg
    c:\program files\AVG\AVG8\setup.dat
    c:\program files\AVG\AVG8\setup.exe
    c:\program files\AVG\AVG8\setupus.lns
    c:\program files\AVG\AVG8\ToolbarIEcache\avglinks.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\avglogo.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\avgstatus.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\avgstatus_error.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\avgtoolbartb0502.cfg
    c:\program files\AVG\AVG8\ToolbarIEcache\brandlogo.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\p_yahoo.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\safesearch.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\safesearch_off.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\safesearch_on.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\safesurf.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\safesurf_off.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\safesurf_on.bmp
    c:\program files\AVG\AVG8\ToolbarIEcache\slider.bmp
    c:\program files\AVG\AVG8\updatecomps.cfg
    c:\windows\imsins.BAK
    c:\windows\system32\avgrsstx.dll
    c:\windows\system32\drivers\avgldx86.sys

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
    .

    2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
    2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
    2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
    2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
    2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll
    2008-12-08 20:19 . 2008-12-08 20:19 <DIR> d-------- c:\windows\system32\drivers\Avg
    2008-12-08 20:15 . 2008-12-08 20:24 <DIR> d-------- c:\program files\CCleaner
    2008-12-07 21:11 . 2008-12-07 21:11 <DIR> d-------- C:\mekmakerdev24
    2008-12-07 21:10 . 2008-12-07 21:10 <DIR> d-------- C:\MekHangarPreview004
    2008-12-07 21:04 . 2008-12-07 21:08 <DIR> d-------- C:\megamekdevsvn20081116

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 01:50 --------- d-----w c:\program files\Google
    2009-01-07 01:28 45,568 ----a-w c:\windows\system32\mshta.exe
    2009-01-07 01:28 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
    2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
    2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
    2008-12-13 16:52 --------- d-----w c:\program files\Java
    2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dwwin.exe
    2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dllcache\dwwin.exe
    2008-12-06 01:52 --------- d-----w c:\program files\AIM6
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
    2008-11-30 18:47 295,424 ----a-w c:\windows\system32\termsrv.dll
    2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
    2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
    2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-07 01:31:38 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-07 01:31:38 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-07 01:31:55 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_73c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "mount.exe "= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DMAScheduler "= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "Reminder "= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
    "regcmdcons "= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
    "ISUSPM Startup "= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "DISCover "= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
    "TkBellExe "= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "avgnt "= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "COMODO Firewall Pro "= "c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "= c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM "= mobilev.acm
    "vidc.ffds "= ffdshow.ax

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=c:\windows\pss\Updates From HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
    backup=c:\windows\pss\ListProAlarms.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    --a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    --a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service "=2 (0x2)
    "usnjsvc "=3 (0x3)
    "UPS "=3 (0x3)
    "TapiSrv "=2 (0x2)
    "mnmsrvc "=3 (0x3)
    "gusvc "=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe "=
    "c:\\WINDOWS\\system32\\javaw.exe "=
    "c:\\Program Files\\AIM6\\aim6.exe "=
    "c:\\Program Files\\mIRC\\mirc.exe "=
    "c:\\Program Files\\DISC\\DISCover.exe "=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe "=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "c:\\WINDOWS\\explorer.exe "=
    "c:\\WINDOWS\\system32\\sessmgr.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
    R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
    S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
    S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
    S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
    S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
    S4 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]

    *Newly Created Service* - CATCHME
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: *.trymedia.com
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

    c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
    c:\windows\system32\snbd10dm.dll
    c:\windows\system32\igsnrn22.dll
    c:\windows\system32\igsnpb22.dll
    c:\windows\system32\igsnol22.dll
    c:\windows\system32\igsncm22.dll
    c:\windows\system32\browser.exa
    c:\windows\system32\Acgm.Dll
    O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
    hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
    c:\windows\Downloaded Program Files\acgm.inf
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-07 06:24:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
    "imagepath "= "\systemroot\system32\drivers\TDSSpqlt.sys "

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
    "ImagePath "= "\??\c:\pcdr5\PCD5SRVC.pkms "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(888)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(952)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2009-01-07 6:25:26
    ComboFix-quarantined-files.txt 2009-01-07 12:25:24
    ComboFix2.txt 2009-01-07 12:20:27
    ComboFix3.txt 2009-01-07 01:36:49
    ComboFix4.txt 2009-01-06 00:23:33
    ComboFix5.txt 2009-01-07 12:24:16

    Pre-Run: 141,977,038,848 bytes free
    Post-Run: 141,912,485,888 bytes free

    477 --- E O F --- 2008-12-18 14:43:13
     
  11. 2009/01/07
    Geri
    Hi
    OK please delete the CFScript you have.

    Now do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    http://www.windowsbbs.com/malware-virus-removal/80128-active-another-browser-hijack-av-wont-update.html
    Suspect::[22]
    c:\documents and settings\HP_Administrator\nah_log.dat
    c:\documents and settings\HP_Administrator\nah_vnxr.exe
    
    Folder::
    C:\mekmakerdev24
    C:\MekHangarPreview004
    c:\windows\system32\drivers\Avg

    When CF finishes running, the ComboFix log will open along with a message box -- do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.
    • A browser will open.
    • Simply follow the instructions to copy/paste/send the requested file.

    Please post the combofix log.

    Thanks!
    Geri
     
  12. 2009/01/09
    Sharkapult
    Sorry it took me a while, but here goes.
    Thanks again!

    ComboFix 08-12-29.02 - HP_Administrator 2009-01-09 21:17:58.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.608 [GMT -6:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript.txt
    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: COMODO Firewall Pro *enabled*
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\MekHangarPreview004
    c:\mekhangarpreview004\MekHangar-Preview-004\build.xml
    c:\mekhangarpreview004\MekHangar-Preview-004\data\conversion\mtf.txt
    c:\mekhangarpreview004\MekHangar-Preview-004\data\images\Add24.png
    c:\mekhangarpreview004\MekHangar-Preview-004\data\images\Play24.gif
    c:\mekhangarpreview004\MekHangar-Preview-004\data\images\Remove24.png
    c:\mekhangarpreview004\MekHangar-Preview-004\data\rules\equipment.xml
    c:\mekhangarpreview004\MekHangar-Preview-004\data\rules\mech_tables.xml
    c:\mekhangarpreview004\MekHangar-Preview-004\lib\MegaMek.jar
    c:\mekhangarpreview004\MekHangar-Preview-004\lib\TinyXML.jar
    c:\mekhangarpreview004\MekHangar-Preview-004\license.txt
    c:\mekhangarpreview004\MekHangar-Preview-004\MekHangar-MM.jar
    c:\mekhangarpreview004\MekHangar-Preview-004\MekHangar.jar
    c:\mekhangarpreview004\MekHangar-Preview-004\readme.txt
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\Equipment.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\exception\InsufficientCriticalException.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\CustomComboBox.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentChoicePanel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentEditorPanel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentInfoPanel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\EquipmentItemPanel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\IntegerButton.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\IntegerLabel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\MechDesigner.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\MechDesignerFrame.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\AbstractIntegerModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\ArmorTypeModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\ChassisTypeModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\CockpitTypeModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\EngineTypeModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\EquipmentChoiceModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\GyroTypeModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\HeatSinkTypeModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\IntegerModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\InternalTypeModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\LocationArmorModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\MyomerTypeModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\SlotAreaModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\TechBaseModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\TechLevelModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\models\TonnageModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\MovementLabel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\SelectionListener.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\SlotAreaPanel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\gui\TonnageUsageLabel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\MechDesign.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\MechDesignListener.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\design\SlotArea.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\AbstractStringModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\AmmoModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\EntityFileEditor.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\gui\EntityFileEditorFrame.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\gui\LocationStatusPanel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\gui\MechEditorDialog.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\LocationModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\MechEditor.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\force\PilotModel.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\rules\EquipmentData.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\rules\EquipmentList.java
    c:\mekhangarpreview004\MekHangar-Preview-004\src\mekhangar\rules\MechTables.java
    C:\mekmakerdev24
    c:\mekmakerdev24\mekmaker-dev-24\lib\swing-layout-1.0.jar
    c:\mekmakerdev24\mekmaker-dev-24\MekMaker.jar
    c:\mekmakerdev24\mekmaker-dev-24\README.TXT
    c:\mekmakerdev24\mekmaker-dev-24\source\build.xml
    c:\mekmakerdev24\mekmaker-dev-24\source\license.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\manifest.mf
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\dir-prop-base
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\dir-props
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\build-impl.xml.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\genfiles.properties.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\project.properties.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\text-base\project.xml.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\build-impl.xml.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\genfiles.properties.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\project.properties.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\.svn\wcprops\project.xml.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\build-impl.xml
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\genfiles.properties
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\private\private.properties
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\private\private.xml
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\project.properties
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\project.properties~
    c:\mekmakerdev24\mekmaker-dev-24\source\nbproject\project.xml
    c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\src\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractComponent.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractDesigner.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractDesignerJPanel.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractDesignerTreeNode.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\AbstractIntegerValueLookup.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\CockpitTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\DesignerMainTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\EngineTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\EventHandler.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\GenericSetGetInterface.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\GyroTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\InternalStructureTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\MainWindowManager.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\MotiveTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\TableRowSelectionListener.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\prop-base\TechnologyBases.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractComponent.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractDesigner.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractDesignerJPanel.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractDesignerTreeNode.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\AbstractIntegerValueLookup.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\CockpitTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\DesignerMainTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\EngineTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\EventHandler.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\GenericSetGetInterface.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\GyroTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\InternalStructureTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\MainWindowManager.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\MotiveTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\TableRowSelectionListener.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\props\TechnologyBases.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractComponent.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractDesigner.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractDesignerJPanel.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractDesignerTreeNode.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractEntity.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\AbstractIntegerValueLookup.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\ArmorPoint.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\ArmorTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\BTCalc.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\CockpitTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\CriticalSlot.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\DesignerMainTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\EngineTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\EventHandler.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\GenericSetGetInterface.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\GyroTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\HeatSinkTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\InternalStructureTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\MainWindowManager.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\MotiveTypes.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\Section.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\TableRowSelectionListener.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\text-base\TechnologyBases.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractComponent.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractDesigner.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractDesignerJPanel.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractDesignerTreeNode.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractEntity.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\AbstractIntegerValueLookup.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\ArmorPoint.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\ArmorTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\BTCalc.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\CockpitTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\CriticalSlot.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\DesignerMainTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\EngineTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\EventHandler.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\GenericSetGetInterface.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\GyroTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\HeatSinkTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\InternalStructureTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\MainWindowManager.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\MotiveTypes.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\Section.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\TableRowSelectionListener.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\.svn\wcprops\TechnologyBases.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractComponent.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractDesigner.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractDesignerJPanel.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractDesignerTreeNode.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractEntity.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\AbstractIntegerValueLookup.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\ArmorPoint.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\ArmorTypes.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\BTCalc.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\CockpitTypes.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\CriticalSlot.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\DesignerMainTypes.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\EngineTypes.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\EventHandler.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\GenericSetGetInterface.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\GyroTypes.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\HeatSinkTypes.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\InternalStructureTypes.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\MainWindowManager.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\MotiveTypes.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\Section.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\TableRowSelectionListener.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\TechnologyBases.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\prop-base\EngineTableModel.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\props\EngineTableModel.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\text-base\EngineTableModel.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\.svn\wcprops\EngineTableModel.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\EngineTableModel.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\prop-base\InternalStructureTableModel.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\props\InternalStructureTableModel.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\text-base\InternalStructureTableModel.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\.svn\wcprops\InternalStructureTableModel.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\common\totalwarfare\mech\InternalStructureTableModel.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\prop-base\TotalWarfareBattleMechDesigner.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\prop-base\TotalWarfareIndustrialMechDesigner.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\prop-base\TotalWarfareInfantryPlatoonDesigner.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\props\TotalWarfareBattleMechDesigner.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\props\TotalWarfareIndustrialMechDesigner.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\props\TotalWarfareInfantryPlatoonDesigner.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\text-base\TotalWarfareBattleMechDesigner.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\text-base\TotalWarfareIndustrialMechDesigner.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\text-base\TotalWarfareInfantryPlatoonDesigner.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\wcprops\TotalWarfareBattleMechDesigner.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\wcprops\TotalWarfareIndustrialMechDesigner.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\.svn\wcprops\TotalWarfareInfantryPlatoonDesigner.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\InfantryPlatoonOverview.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\InfantryPlatoonOverview.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechArmor.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechArmor.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechChassis.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechChassis.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechEngine.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechEngine.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechOverview.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareBattleMechOverview.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareIndustrialMechOverview.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\prop-base\TotalWarfareIndustrialMechOverview.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\InfantryPlatoonOverview.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\InfantryPlatoonOverview.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechArmor.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechArmor.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechChassis.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechChassis.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechEngine.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechEngine.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechOverview.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareBattleMechOverview.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareIndustrialMechOverview.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\props\TotalWarfareIndustrialMechOverview.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\InfantryPlatoonOverview.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\InfantryPlatoonOverview.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechArmor.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechArmor.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechChassis.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechChassis.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechEngine.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechEngine.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechHeatSinks.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechHeatSinks.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechOverview.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareBattleMechOverview.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareIndustrialMechOverview.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\text-base\TotalWarfareIndustrialMechOverview.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\InfantryPlatoonOverview.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\InfantryPlatoonOverview.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechArmor.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechArmor.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechChassis.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechChassis.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechEngine.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechEngine.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechHeatSinks.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechHeatSinks.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechOverview.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareBattleMechOverview.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareIndustrialMechOverview.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\.svn\wcprops\TotalWarfareIndustrialMechOverview.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\InfantryPlatoonOverview.form
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\InfantryPlatoonOverview.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechArmor.form
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechArmor.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechChassis.form
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechChassis.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechEngine.form
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechEngine.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechHeatSinks.form
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechHeatSinks.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechOverview.form
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareBattleMechOverview.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareIndustrialMechOverview.form
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\gui\TotalWarfareIndustrialMechOverview.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\TotalWarfareBattleMechDesigner.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\TotalWarfareIndustrialMechDesigner.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\TotalWarfareInfantryPlatoonDesigner.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\prop-base\TotalWarfareBattleMechArmorTreeNode.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\prop-base\TotalWarfareBattleMechChassisTreeNode.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\prop-base\TotalWarfareBattleMechEngineTreeNode.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\props\TotalWarfareBattleMechArmorTreeNode.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\props\TotalWarfareBattleMechChassisTreeNode.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\props\TotalWarfareBattleMechEngineTreeNode.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\text-base\TotalWarfareBattleMechArmorTreeNode.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\text-base\TotalWarfareBattleMechChassisTreeNode.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\text-base\TotalWarfareBattleMechEngineTreeNode.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\text-base\TotalWarfareBattleMechHeatSinksTreeNode.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\wcprops\TotalWarfareBattleMechArmorTreeNode.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\wcprops\TotalWarfareBattleMechChassisTreeNode.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\wcprops\TotalWarfareBattleMechEngineTreeNode.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\.svn\wcprops\TotalWarfareBattleMechHeatSinksTreeNode.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\TotalWarfareBattleMechArmorTreeNode.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\TotalWarfareBattleMechChassisTreeNode.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\TotalWarfareBattleMechEngineTreeNode.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\designer\treenode\TotalWarfareBattleMechHeatSinksTreeNode.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\dir-wcprops
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\empty-file
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\entries
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\format
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\prop-base\MainJFrame.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\prop-base\MainJFrame.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\prop-base\NewDesignDialog.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\prop-base\NewDesignDialog.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\props\MainJFrame.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\props\MainJFrame.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\props\NewDesignDialog.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\props\NewDesignDialog.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\README.txt
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\text-base\MainJFrame.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\text-base\MainJFrame.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\text-base\NewDesignDialog.form.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\text-base\NewDesignDialog.java.svn-base
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\wcprops\MainJFrame.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\wcprops\MainJFrame.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\wcprops\NewDesignDialog.form.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\.svn\wcprops\NewDesignDialog.java.svn-work
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\MainJFrame.form
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\MainJFrame.java
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\NewDesignDialog.form
    c:\mekmakerdev24\mekmaker-dev-24\source\src\com\mekmaker\gui\NewDesignDialog.java
    c:\windows\system32\drivers\Avg
    c:\windows\system32\drivers\Avg\avi7.avg
    c:\windows\system32\drivers\Avg\incavi.avm
    c:\windows\system32\drivers\Avg\microavi.avg
    c:\windows\system32\drivers\Avg\miniavi.avg

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
    .

    2009-01-09 12:43 . 2009-01-09 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
    2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
    2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
    2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
    2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
    2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 01:50 --------- d-----w c:\program files\Google
    2009-01-07 01:28 45,568 ----a-w c:\windows\system32\mshta.exe
    2009-01-07 01:28 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
    2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
    2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
    2008-12-13 16:52 --------- d-----w c:\program files\Java
    2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dwwin.exe
    2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dllcache\dwwin.exe
    2008-12-09 02:24 --------- d-----w c:\program files\CCleaner
    2008-12-06 01:52 --------- d-----w c:\program files\AIM6
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
    2008-11-30 18:47 295,424 ----a-w c:\windows\system32\termsrv.dll
    2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
    2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
    2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-10 03:12:14 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-10 03:12:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-10 03:12:14 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-10 03:12:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "H/PC Connection Agent"= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "mount.exe"= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "HPHUPD08"= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DMAScheduler"= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "HPBootOp"= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "Reminder"= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
    "regcmdcons"= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
    "HP Software Update"= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
    "CanonMyPrinter"= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
    "ISUSPM Startup"= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "DISCover"= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
    "TkBellExe"= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
    "SunJavaUpdateSched"= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "avgnt"= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "COMODO Firewall Pro"= "c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "vidc.ffds"= ffdshow.ax

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=c:\windows\pss\Updates From HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
    backup=c:\windows\pss\ListProAlarms.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    --a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    --a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "UPS"=3 (0x3)
    "TapiSrv"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "gusvc"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\WINDOWS\\explorer.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
    R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
    S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
    S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
    S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
    S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
    S4 Viewpoint Manager Service;Viewpoint Manager Service; "c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
    .
    .
     
  13. 2009/01/09
    Sharkapult (Thread Starter)
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: *.trymedia.com
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

    c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
    c:\windows\system32\snbd10dm.dll
    c:\windows\system32\igsnrn22.dll
    c:\windows\system32\igsnpb22.dll
    c:\windows\system32\igsnol22.dll
    c:\windows\system32\igsncm22.dll
    c:\windows\system32\browser.exa
    c:\windows\system32\Acgm.Dll
    O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
    hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
    c:\windows\Downloaded Program Files\acgm.inf
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-09 21:23:23
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
    "imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
    "ImagePath"="\??\c:\pcdr5\PCD5SRVC.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(884)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(944)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2009-01-09 21:23:56
    ComboFix-quarantined-files.txt 2009-01-10 03:23:53
    ComboFix2.txt 2009-01-07 12:25:27
    ComboFix3.txt 2009-01-07 12:20:27
    ComboFix4.txt 2009-01-07 01:36:49
    ComboFix5.txt 2009-01-10 03:17:02

    Pre-Run: 141,973,721,088 bytes free
    Post-Run: 141,907,619,840 bytes free

    646 --- E O F --- 2008-12-18 14:43:13
     
  14. 2009/01/10
    Geri (Alumni)
    Hi
    Please delete the CFScript you have.


    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    RootKit::
    C:\Windows\system32\drivers\TDSSpqlt.sys 
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.


    Now click on "Start" > "Run" copy and paste this into the run box and click OK, a file named HKLMSS.txt will appear on your desktop, please copy and paste the contents of that here.
    Code:
    regedit /e  "%userprofile%\desktop\HKLMSS.txt"  "HKEY_LOCAL_MACHINE\System\Select" 
    Please post the CF log and the contents of the HKLMSS.txt file

    Thanks
    Geri
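    An added example, not part of the thread and not Geri's or ComboFix's tooling: a small Python script that reads the HKLMSS.txt export requested above and works out which ControlSetNNN Windows actually booted from, then checks whether a service key like the TDSSserv.sys entry ComboFix listed under ControlSet001 sits in that live set. The sample export and service entries embedded below are constructed; only the key and value names follow the thread.

```python
"""Added example: interpret the regedit /e export of HKLM\\System\\Select.

The ComboFix log above listed the hidden TDSS service under
HKLM\\System\\ControlSet001\\Services\\TDSSserv.sys. Select tells which
ControlSetNNN Windows booted from (CurrentControlSet), so it decides
whether that entry is the one actually loading the driver. This is not
ComboFix's or the helper's code; the sample data below is constructed.
"""
import re
from typing import Dict

# Constructed: what regedit /e writes on XP (UTF-16LE with BOM, CRLF,
# "Windows Registry Editor Version 5.00" header). Values are made up.
SAMPLE_EXPORT = (
    "Windows Registry Editor Version 5.00\r\n"
    "\r\n"
    "[HKEY_LOCAL_MACHINE\\System\\Select]\r\n"
    "\"Current\"=dword:00000001\r\n"
    "\"Default\"=dword:00000001\r\n"
    "\"Failed\"=dword:00000000\r\n"
    "\"LastKnownGood\"=dword:00000002\r\n"
    "\r\n"
).encode("utf-16")  # the utf-16 codec prepends the BOM like regedit does

# Constructed service keys in the shape ComboFix prints them; the service
# and driver names mirror the thread's log, the ControlSet002 copy is
# invented to show an entry sitting in a control set that is not live.
SAMPLE_SERVICES = """
[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\TDSSserv.sys]
"imagepath"="\\systemroot\\system32\\drivers\\TDSSpqlt.sys"

[HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services\\TDSSserv.sys]
"imagepath"="\\systemroot\\system32\\drivers\\TDSSpqlt.sys"
"""

SELECT_NAMES = ("Current", "Default", "Failed", "LastKnownGood")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')
SERVICE_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\System\\(?P<cs>ControlSet\d{3})\\Services\\(?P<svc>[^\]]+)\]$",
    re.IGNORECASE,
)


def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 ones are ANSI."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_select(text: str) -> Dict[str, int]:
    """Return the four Select DWORDs, e.g. {'Current': 1, ..., 'LastKnownGood': 2}."""
    values: Dict[str, int] = {}
    in_select = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_select = line.lower() == "[hkey_local_machine\\system\\select]"
            continue
        m = DWORD_RE.match(line)
        if in_select and m and m.group("name") in SELECT_NAMES:
            values[m.group("name")] = int(m.group("hex"), 16)
    missing = set(SELECT_NAMES) - values.keys()
    if missing:
        raise ValueError(f"Select export incomplete, missing {sorted(missing)}")
    return values


def control_set_name(index: int) -> str:
    """Select stores a small integer; the key it names is ControlSet%03d."""
    return f"ControlSet{index:03d}"


def summarize(select: Dict[str, int]) -> str:
    """Human-readable view; Failed=0 means no control set has been marked failed."""
    parts = []
    for name in SELECT_NAMES:
        idx = select[name]
        parts.append(f"{name}={control_set_name(idx) if idx else 'none'}")
    return ", ".join(parts)


def services_in_live_set(select: Dict[str, int], combofix_text: str) -> Dict[str, str]:
    """Map service name -> control set for keys that sit in CurrentControlSet.

    A service present only in a stale set (e.g. LastKnownGood) does not load
    on a normal boot, so a fix aimed at ControlSet001 could mistarget it;
    this check is what the Select export makes possible.
    """
    live = control_set_name(select["Current"]).lower()
    hits: Dict[str, str] = {}
    for line in combofix_text.splitlines():
        m = SERVICE_KEY_RE.match(line.strip())
        if m and m.group("cs").lower() == live:
            hits[m.group("svc")] = m.group("cs")
    return hits


if __name__ == "__main__":
    sel = parse_select(decode_export(SAMPLE_EXPORT))
    print(summarize(sel))
    print("live-set services:", services_in_live_set(sel, SAMPLE_SERVICES))
```

    To use it on a real HKLMSS.txt, read the file in binary mode and pass the bytes to decode_export; regedit writes the 5.00 format as UTF-16, which is why Notepad shows it fine but a naive text read can choke on the BOM. Keep in mind the export is read through the same registry API a kernel rootkit hooks, so an export that is missing the TDSS keys entirely is not proof they are gone.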
     
  15. 2009/01/11
    Sharkapult (Thread Starter)
    Here goes:

    Combofix: When it re-booted I realized I forgot to set my firewall to not run on re-start. I closed it quickly but I don't know if it affected anything.

    ComboFix 08-12-29.02 - HP_Administrator 2009-01-11 11:29:41.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.607 [GMT -6:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: COMODO Firewall Pro *enabled*
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\TDSSpqlt.sys

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
    .

    2009-01-09 12:43 . 2009-01-09 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
    2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
    2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
    2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
    2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
    2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 01:50 --------- d-----w c:\program files\Google
    2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
    2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
    2008-12-13 16:52 --------- d-----w c:\program files\Java
    2008-12-09 02:24 --------- d-----w c:\program files\CCleaner
    2008-12-06 01:52 --------- d-----w c:\program files\AIM6
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
    2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
    2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
    2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
    2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-11 15:54:03 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-11 15:54:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-11 15:54:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
    + 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
    - 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
    + 2009-01-07 01:28:44 45,568 ----a-w c:\windows\system32\mshta.exe
    + 2009-01-11 15:54:25 29,696 ----a-w c:\windows\system32\TDSShrxx.dll
    + 2009-01-11 15:54:31 2,710 ----a-w c:\windows\system32\TDSSlxwp.dll
    + 2009-01-11 15:54:25 35,840 ----a-w c:\windows\system32\TDSSoiqt.dll
    + 2009-01-11 15:54:27 31,232 ----a-w c:\windows\system32\TDSSvkql.dll
    + 2009-01-11 15:54:29 61,440 ----a-w c:\windows\system32\TDSSxfum.dll
    + 2009-01-11 17:31:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_770.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"= "c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "H/PC Connection Agent"= "c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "mount.exe"= "c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"= "c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "HPHUPD08"= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DMAScheduler"= "c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "HPBootOp"= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "Reminder"= "c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
    "regcmdcons"= "c:\hp\bin\cloaker.exe" [1999-11-07 27136]
    "HP Software Update"= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
    "CanonMyPrinter"= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
    "ISUSPM Startup"= "c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "DISCover"= "c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
    "TkBellExe"= "c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
    "SunJavaUpdateSched"= "c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "avgnt"= "c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
    "COMODO Firewall Pro"= "c:\program files\COMODO\Firewall\cfp.exe" [2008-06-05 1572608]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "vidc.ffds"= ffdshow.ax

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=c:\windows\pss\Updates From HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
    backup=c:\windows\pss\ListProAlarms.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    --a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    --a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "UPS"=3 (0x3)
    "TapiSrv"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "gusvc"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\WINDOWS\\explorer.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
    R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
    S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
    S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
    S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
    S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
    S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: *.trymedia.com
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

    c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
    c:\windows\system32\snbd10dm.dll
    c:\windows\system32\igsnrn22.dll
    c:\windows\system32\igsnpb22.dll
    c:\windows\system32\igsnol22.dll
    c:\windows\system32\igsncm22.dll
    c:\windows\system32\browser.exa
    c:\windows\system32\Acgm.Dll
    O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
    hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
    c:\windows\Downloaded Program Files\acgm.inf
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-11 11:32:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
    "ImagePath"="\??\c:\pcdr5\PCD5SRVC.pkms"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
    "imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\windows\arservice.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\program files\COMODO\Firewall\cmdagent.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\DISC\DiscStreamHub.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-11 11:37:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-11 17:37:16
    ComboFix2.txt 2009-01-10 03:23:58
    ComboFix3.txt 2009-01-07 12:25:27
    ComboFix4.txt 2009-01-07 12:20:27
    ComboFix5.txt 2009-01-11 17:28:53

    Pre-Run: 141,966,721,024 bytes free
    Post-Run: 141,902,913,536 bytes free

    261 --- E O F --- 2008-12-18 14:43:13

    HKLMSS:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\System\Select]
    "Current"=dword:00000001
    "Default"=dword:00000001
    "Failed"=dword:00000000
    "LastKnownGood"=dword:00000003
     
  16. 2009/01/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    ComboFix should have prompted you to update; why did you not let it do so? We need to have an updated version.

    Please run it again, not using the script, and let it update.

    Geri
     
  17. 2009/01/11
    Sharkapult

    Sharkapult Inactive Thread Starter

    Joined:
    2008/12/20
    Messages:
    14
    Likes Received:
    0
    ComboFix did not actively prompt me to update. I would have let it do so otherwise.

    Thanks again!

    ComboFix 08-12-29.02 - HP_Administrator 2009-01-11 13:53:35.8 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.578 [GMT -6:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\OomboFix.exe
    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: COMODO Firewall Pro *enabled*
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\TDSShrxx.dll
    c:\windows\system32\TDSSkkai.log
    c:\windows\system32\TDSSlxwp.dll
    c:\windows\system32\TDSSmtvd.dat
    c:\windows\system32\TDSSoiqt.dll
    c:\windows\system32\TDSSvkql.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
    .

    2009-01-09 12:43 . 2009-01-09 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
    2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\program files\Avira
    2008-12-20 11:29 . 2008-12-20 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
    2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
    2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
    2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts
    2008-12-13 10:52 . 2008-12-13 10:52 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 01:50 --------- d-----w c:\program files\Google
    2009-01-07 01:28 45,568 ----a-w c:\windows\system32\mshta.exe
    2009-01-07 01:28 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
    2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
    2008-12-17 15:03 26,144 ----a-w c:\documents and settings\HP_Administrator\nah_log.dat
    2008-12-13 16:52 --------- d-----w c:\program files\Java
    2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dwwin.exe
    2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dllcache\dwwin.exe
    2008-12-09 02:24 --------- d-----w c:\program files\CCleaner
    2008-12-06 01:52 --------- d-----w c:\program files\AIM6
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-11-30 18:47 80,384 ----a-w c:\documents and settings\HP_Administrator\nah_vnxr.exe
    2008-11-30 18:47 295,424 ----a-w c:\windows\system32\termsrv.dll
    2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
    2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
    2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-05_18.16.34.37 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-01-06 00:13:33 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2009-01-11 15:54:03 16,384 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-11 15:54:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-06 00:13:33 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-11 15:54:03 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-11 17:31:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_770.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
    "mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
    "regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm
    "vidc.ffds"= ffdshow.ax

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=c:\windows\pss\Updates From HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
    backup=c:\windows\pss\ListProAlarms.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    --a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    --a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "UPS"=3 (0x3)
    "TapiSrv"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "gusvc"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\WINDOWS\\explorer.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-06-05 87312]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-06-05 23824]
    R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys []
    S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
    S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
    S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;\??\c:\pcdr5\PCD5SRVC.pkms [2006-09-25 28336]
    S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe []
    S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    mWindow Title = Windows Internet Explorer provided by Comcast
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: *.trymedia.com
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\Microsoft ActiveSync\CENetFlt.dll

    c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
    c:\windows\system32\snbd10dm.dll
    c:\windows\system32\igsnrn22.dll
    c:\windows\system32\igsnpb22.dll
    c:\windows\system32\igsnol22.dll
    c:\windows\system32\igsncm22.dll
    c:\windows\system32\browser.exa
    c:\windows\system32\Acgm.Dll
    O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
    hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
    c:\windows\Downloaded Program Files\acgm.inf
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\3nc20dzk.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-11 13:54:00
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
    "ImagePath"="\??\c:\pcdr5\PCD5SRVC.pkms"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
    "imagepath"="\systemroot\system32\drivers\TDSSpqlt.sys"
    .
    Completion time: 2009-01-11 13:56:20
    ComboFix-quarantined-files.txt 2009-01-11 19:55:02
    ComboFix2.txt 2009-01-11 17:37:51
    ComboFix3.txt 2009-01-10 03:23:58
    ComboFix4.txt 2009-01-07 12:25:27
    ComboFix5.txt 2009-01-11 19:53:15

    Pre-Run: 141,951,766,528 bytes free
    Post-Run: 141,888,577,536 bytes free

    268 --- E O F --- 2008-12-18 14:43:13
     
  18. 2009/01/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, this can be very hard to get rid of.

    We need to see CF run in a normal fashion instead of reduced functionality.

    Please delete the current copy of ComboFix and download a fresh one. Save it to the drive root, Local Disk C:.

    Reboot to safe mode and log on to the Administrator account.
    Run ComboFix and, if it restarts the machine, force it back to safe mode and log on to the Administrator account again to let ComboFix finish.
    When done, boot back to normal mode and post the C:\ComboFix.txt log.

    Thanks
    Geri
     
  19. 2009/01/14
    Sharkapult

    Sharkapult Inactive Thread Starter

    Joined:
    2008/12/20
    Messages:
    14
    Likes Received:
    0
    ComboFix kept detecting Avira running and I couldn't get it to stop running, so I just uninstalled it.

    Otherwise, here is the log:

    Thank you again!

    ComboFix 09-01-13.04 - Administrator 2009-01-14 19:57:59.11 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.772 [GMT -6:00]
    Running from: C:\ComboFix.exe
    AV: AVG Anti-Virus *On-access scanning disabled* (Outdated)
    FW: COMODO Firewall Pro *enabled*
    FW: Norton Internet Worm Protection *disabled*
    .

    ((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
    .

    2009-01-14 19:54 . 2009-01-14 19:54 3,039,899 -ra------ C:\ComboFix.exe
    2009-01-11 13:53 . 2009-01-11 13:56 <DIR> d-------- C:\OomboFix
    2009-01-09 12:43 . 2009-01-09 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
    2009-01-03 07:53 . 2009-01-03 07:55 <DIR> d-------- C:\rsit
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\GiPo@Utilities
    2008-12-20 11:20 . 2008-12-20 11:20 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
    2008-12-20 11:19 . 2008-12-20 11:19 <DIR> d-------- c:\windows\Downloaded Installations
    2008-12-20 11:06 . 2008-12-20 11:06 <DIR> d-------- c:\program files\Trend Micro
    2008-12-20 09:43 . 2008-12-20 09:47 <DIR> d-------- C:\hosts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-07 01:50 --------- d-----w c:\program files\Google
    2009-01-07 01:28 45,568 ----a-w c:\windows\system32\mshta.exe
    2009-01-07 01:28 45,568 ----a-w c:\windows\system32\dllcache\mshta.exe
    2008-12-22 22:25 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
    2008-12-13 16:52 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-12-13 16:52 --------- d-----w c:\program files\Java
    2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
    2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dwwin.exe
    2008-12-09 03:32 180,224 ----a-w c:\windows\system32\dllcache\dwwin.exe
    2008-12-09 02:24 --------- d-----w c:\program files\CCleaner
    2008-12-06 01:52 --------- d-----w c:\program files\AIM6
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
    2008-12-06 01:52 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
    2008-12-06 01:51 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-11-30 18:47 295,424 ----a-w c:\windows\system32\termsrv.dll
    2008-11-29 23:55 --------- d-----w c:\program files\Yahoo! Games
    2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-07-02 03:31 28,868,320 ----a-w c:\program files\FileFormatConverters.exe
    2007-12-20 15:24 15,452,536 ----a-w c:\program files\IE7-WindowsXP-x86-enu.exe
    2008-08-20 04:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
    .

    ------- Sigcheck -------

    2005-03-10 01:49 295424 c29a5286e64d97385178452d5f307b98 c:\windows\$NtServicePackUninstall$\termsrv.dll
    2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\ServicePackFiles\i386\termsrv.dll
    2008-11-30 12:47 295424 63999d0abd8dabfd76a9c07f6e104868 c:\windows\system32\termsrv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
    "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
    "regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "DISCover"="c:\program files\DISC\DISCover.exe" [2007-10-30 1095256]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"=mobilev.acm
    "vidc.ffds"=ffdshow.ax

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
    backup=c:\windows\pss\Updates From HP.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^ListProAlarms.lnk]
    path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ListProAlarms.lnk
    backup=c:\windows\pss\ListProAlarms.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    --a------ 2008-10-31 13:22 50480 c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 15:01 67584 c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    --a------ 2005-02-02 15:44 61440 c:\hp\KBD\kbd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-03-21 13:19 69632 c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    --a------ 2005-07-22 16:14 237568 c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    -ra------ 2003-09-30 00:14 155648 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2006-08-17 11:02 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
    --a------ 2005-08-02 17:19 77312 c:\windows\arpwrmsg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gravis Xperience Driver Support]
    --a------ 2002-02-26 09:05 36864 c:\windows\system32\grxp4exe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-01-24 20:15 1519616 c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-03-08 05:54 16010240 c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2 (0x2)
    "usnjsvc"=3 (0x3)
    "UPS"=3 (0x3)
    "TapiSrv"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "gusvc"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Lionhead Studios Ltd\\Black & White\\runblack.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    R1 kid_sys;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\KID_SYS.sys [2007-08-14 11920]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-06-05 87312]
    S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-06-05 23824]
    S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2007-08-14 30920]
    S3 ntxpusb;Gravis USB device driver;c:\windows\system32\drivers\ntxpusb.sys [2007-08-14 266432]
    S3 PCD5SRVC{4E6EB9F3-2B32408D-05010004};PCD5SRVC{4E6EB9F3-2B32408D-05010004} - PCDR Kernel Mode Service Helper Driver;c:\pcdr5\pcd5srvc.pkms [2006-09-25 28336]
    S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-10 24652]
    .
    .
    ------- Supplementary Scan -------
    .
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    mWindow Title = Windows Internet Explorer provided by Comcast
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Trusted Zone: *.trymedia.com

    c:\windows\system32\msvcrt.dll - c:\windows\system32\snbdpl1.dll
    c:\windows\system32\snbd10dm.dll
    c:\windows\system32\igsnrn22.dll
    c:\windows\system32\igsnpb22.dll
    c:\windows\system32\igsnol22.dll
    c:\windows\system32\igsncm22.dll
    c:\windows\system32\browser.exa
    c:\windows\system32\Acgm.Dll
    O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7}
    hxxp://www.webmap.niu.edu/campus/ACGM/Acgm.cab
    c:\windows\Downloaded Program Files\acgm.inf
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-14 20:01:36
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{4E6EB9F3-2B32408D-05010004}]
    "ImagePath"="\??\c:\pcdr5\PCD5SRVC.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(256)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(312)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2009-01-14 20:06:20
    ComboFix-quarantined-files.txt 2009-01-15 02:06:18
    ComboFix2.txt 2009-01-11 19:56:22
    ComboFix3.txt 2009-01-11 17:37:51
    ComboFix4.txt 2009-01-10 03:23:58
    ComboFix5.txt 2009-01-15 01:10:04

    Pre-Run: 143,885,971,456 bytes free
    Post-Run: 143,870,017,536 bytes free

    245 --- E O F --- 2009-01-14 02:54:06
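    The Sigcheck block in the log above lists three copies of termsrv.dll with three different MD5s: the service-pack uninstall backup, the ServicePackFiles payload, and the live copy in system32. The following script is an added example for reading that block, not code from this thread or from ComboFix; it groups the lines by file name and flags a live copy whose hash matches none of its reference copies. The sample text is copied from the log above; the choice of which folders count as "reference" copies and the verdict strings are my own assumptions.

```python
"""Triage the 'Sigcheck' block of a ComboFix log.

ComboFix lists, for each system binary it checks, the MD5 of the live copy
in system32 next to the copies Windows keeps on disk as references (the
service pack payload under ServicePackFiles and the uninstall backup under
$NtServicePackUninstall$).  This script groups those lines by file name and
flags any live copy whose hash matches none of its reference copies.

Added example, not code from the thread or from ComboFix.  The sample block
is copied from the log posted above; the grouping rules and the verdict
strings are my own assumptions about how to read it.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One Sigcheck line: date time size md5 path
SIGCHECK_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-fA-F]{32}) (?P<path>.+)$"
)

# Folders that hold a pristine reference copy (assumption: XP service pack layout)
REFERENCE_DIRS = {"servicepackfiles", "$ntservicepackuninstall$"}

MATCH = "live copy matches a reference copy"
MISMATCH = "live copy matches no reference copy; verify against a known-good source"
NO_REFERENCE = "no reference copy listed"
NO_LIVE = "no live copy listed"

# Constructed sample: the Sigcheck lines from the log above.
SAMPLE_SIGCHECK = """\
2005-03-10 01:49 295424 c29a5286e64d97385178452d5f307b98 c:\\windows\\$NtServicePackUninstall$\\termsrv.dll
2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\\windows\\ServicePackFiles\\i386\\termsrv.dll
2008-11-30 12:47 295424 63999d0abd8dabfd76a9c07f6e104868 c:\\windows\\system32\\termsrv.dll
"""


def parse_sigcheck(text):
    """Return one dict per parseable Sigcheck line; other lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"])
            row["md5"] = row["md5"].lower()
            rows.append(row)
    return rows


def is_reference_copy(path):
    """True when the path sits in one of the reference folders."""
    parts = {p.lower() for p in PureWindowsPath(path).parts}
    return bool(parts & REFERENCE_DIRS)


def triage(rows):
    """Group rows by base name and attach a verdict per file.

    Returns {basename: {"live": [...], "reference": [...], "verdict": str}}.
    """
    groups = defaultdict(lambda: {"live": [], "reference": []})
    for row in rows:
        name = PureWindowsPath(row["path"]).name.lower()
        bucket = "reference" if is_reference_copy(row["path"]) else "live"
        groups[name][bucket].append(row)

    for g in groups.values():
        ref_hashes = {r["md5"] for r in g["reference"]}
        live_hashes = {r["md5"] for r in g["live"]}
        if not live_hashes:
            g["verdict"] = NO_LIVE
        elif not ref_hashes:
            g["verdict"] = NO_REFERENCE
        elif live_hashes <= ref_hashes:
            g["verdict"] = MATCH
        else:
            g["verdict"] = MISMATCH
    return dict(groups)


if __name__ == "__main__":
    for name, g in triage(parse_sigcheck(SAMPLE_SIGCHECK)).items():
        print(f"{name}: {g['verdict']}")
        for r in g["live"]:
            print(f"  live      {r['md5']} {r['path']}")
        for r in g["reference"]:
            print(f"  reference {r['md5']} {r['path']}")
```

    A mismatch is a lead, not a verdict: a hotfix installed after the service pack legitimately replaces the system32 copy without touching the two reference folders, so the next step is to check the file's version resource and digital signature, or compare its hash with a clean machine at the same patch level, before treating it as patched by malware.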
     
  20. 2009/01/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK good.

    Now do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Now let's get an online scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type, Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  21. 2009/01/16
    Sharkapult

    Sharkapult Inactive Thread Starter

    Joined:
    2008/12/20
    Messages:
    14
    Likes Received:
    0
    Here's the Kaspersky report

    Thank you again for your time!

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, January 16, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, January 16, 2009 00:24:14
    Records in database: 1628094
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Files scanned: 254919
    Threat name: 5
    Infected objects: 5
    Suspicious objects: 0
    Duration of the scan: 04:09:45


    File name / Threat name / Threats count
    C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpqlt.sys.vir Infected: Backdoor.Win32.TDSS.bkw 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSShrxx.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSoiqt.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
    C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSvkql.dll.vir Infected: Backdoor.Win32.TDSS.atb 1

    The selected area was scanned.
     
    Last edited: 2009/01/16
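    Four of the five hits in the report above are under C:\Qoobox\Quarantine, which is ComboFix's quarantine folder, so Kaspersky is scanning copies ComboFix already removed (it renames them with a .vir suffix, as the paths show); the fifth carries Kaspersky's not-a-virus: prefix, which marks riskware rather than malware. The script below is an added example, not from this thread or from Kaspersky, of sorting a report into those buckets so that active infections stand out. The sample rows are copied from the report above; the three classification rules and the mapping of a quarantine path back to its original location are my own assumptions.

```python
"""Classify the hits in a Kaspersky Online Scanner report.

Added example, not code from the thread or from Kaspersky.  Classification
rules (assumptions, not anything the scanner itself states):
  * a path containing \\Qoobox\\Quarantine\\ is a file ComboFix already
    quarantined, so the hit is not an active infection;
  * a threat name starting with 'not-a-virus:' is riskware, for the owner
    to judge (mIRC in this report);
  * anything else is an active threat that still needs action.
"""
import re

# Constructed sample: the result rows from the report above.
SAMPLE_REPORT = """\
File name / Threat name / Threats count
C:\\Program Files\\mIRC\\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\drivers\\TDSSpqlt.sys.vir Infected: Backdoor.Win32.TDSS.bkw 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\TDSShrxx.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\TDSSoiqt.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\TDSSvkql.dll.vir Infected: Backdoor.Win32.TDSS.atb 1

The selected area was scanned.
"""

# One result row: <path> Infected: <threat name> <count>
HIT_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
QUARANTINE_MARKER = "\\qoobox\\quarantine\\"
RISKWARE_PREFIX = "not-a-virus:"


def parse_hits(report):
    """Return one dict per result row; headers and blank lines are skipped."""
    hits = []
    for line in report.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return hits


def classify(hit):
    """Return 'quarantined', 'riskware' or 'active' for a parsed hit."""
    if QUARANTINE_MARKER in hit["path"].lower():
        return "quarantined"
    if hit["threat"].lower().startswith(RISKWARE_PREFIX):
        return "riskware"
    return "active"


def triage(report):
    """Sort every hit in the report into the three buckets."""
    buckets = {"active": [], "riskware": [], "quarantined": []}
    for hit in parse_hits(report):
        buckets[classify(hit)].append(hit)
    return buckets


def original_path(path):
    """Map a ComboFix quarantine path back to where the file lived.

    Assumes the layout seen in the report: <drive>:\\Qoobox\\Quarantine\\<drive>\\<rest>.vir
    Paths that are not under the quarantine folder are returned unchanged.
    """
    idx = path.lower().find(QUARANTINE_MARKER)
    if idx < 0:
        return path
    rest = path[idx + len(QUARANTINE_MARKER):]          # e.g. C\WINDOWS\system32\x.dll.vir
    drive, _, tail = rest.partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)}")
        for h in hits:
            where = original_path(h["path"]) if bucket == "quarantined" else h["path"]
            print(f"  {h['threat']}  {where}")
```

    Running it on this report gives zero active hits; the quarantined TDSS driver and DLLs map back to system32, which is where a rootkit of that family keeps its components, so the useful follow-up is confirming nothing with those names is still present outside the quarantine folder.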
