Unable to install hijack this/malware antimalware

[markz]

I used a laptop to download the setup files of the to systems you asked to install. I copied them via usb memory card to desktop of the PC infected but I was unable to start the setup program. I double click on the exe icons and nothing happens? Any suggestions to get these to install on infected pc?

[markz]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:35:17 PM, on 2/14/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.trymedia.com (HKLM)

O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

O24 - Desktop Component 1: (no name) - http://www.hrwc.org/text/buffer.htm#

O24 - Desktop Component 2: (no name) - http://www.everyculture.com/multi/images/gema_02_img0137.jpg

O24 - Desktop Component 3: (no name) - http://www.ushmm.org/lcmedia/photo/wlc/image/74/74907.jpg

--

End of file - 14113 bytes

2/10/2009 3:23:12 PM Scan Started: 02/10/2009 03:23:12 PM

2/10/2009 5:15:52 PM "K:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL" "Adware-WebSearch" "5"

2/10/2009 5:29:44 PM Total objects scanned: 448522

2/10/2009 5:29:44 PM Objects detected: 1

2/10/2009 5:29:44 PM Scan Done: 02/10/2009 05:29:44 PM

2/12/2009 4:53:41 PM Scan Started: 02/12/2009 04:53:41 PM

2/12/2009 7:15:41 PM Total objects scanned: 450241

2/12/2009 7:15:41 PM Objects detected: 0

2/12/2009 7:15:41 PM Scan Done: 02/12/2009 07:15:41 PM

2/13/2009 9:53:41 PM Scan Started: 02/13/2009 09:53:41 PM

2/13/2009 9:54:48 PM "C:\xyephkl.exe" "Generic!Artemis" "5"

2/13/2009 10:02:18 PM "C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\J0TAQR2M\bbsuper3[1].htm" "Generic!Artemis" "5"

2/13/2009 10:02:50 PM "C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\OR8N7CL1\721F[2].EXE" "Generic Downloader.x" "5"

2/13/2009 10:02:50 PM "C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\OR8N7CL1\721f[2].exe" "Generic Downloader.x" "5"

2/13/2009 10:04:03 PM "C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\UPW9YCDD\ppzzra[1].htm" "Generic!Artemis" "5"

2/13/2009 10:26:17 PM Total objects scanned: 59212

2/13/2009 10:26:17 PM Objects detected: 4

2/13/2009 10:26:17 PM Scan Done: 02/13/2009 10:26:17 PM

2/13/2009 11:58:41 PM Scan Started: 02/13/2009 11:58:41 PM

2/14/2009 12:52:18 AM "C:\WINDOWS\SYSTEM32\A.EXE" "Generic.dx" "5"

2/14/2009 12:52:18 AM "C:\WINDOWS\system32\a.exe" "Generic.dx" "5"

2/14/2009 12:52:34 AM "C:\WINDOWS\system32\delugwgh.ini" "Vundo!grb" "5"

2/14/2009 12:53:05 AM "C:\WINDOWS\SYSTEM32\KWCKOIGE.DLL" "Vundo" "5"

2/14/2009 12:53:05 AM "C:\WINDOWS\system32\kwckoige.dll" "Vundo" "5"

2/14/2009 12:53:51 AM "C:\WINDOWS\SYSTEM32\SQEEIG.DLL" "Vundo" "5"

2/14/2009 12:53:51 AM "C:\WINDOWS\system32\sqeeig.dll" "Vundo" "5"

2/14/2009 6:55:26 AM Total objects scanned: 314681

2/14/2009 6:55:26 AM Objects detected: 4

2/14/2009 6:55:26 AM Scan Done: 02/14/2009 06:55:26 AM

2/14/2009 11:39:29 AM Scan Started: 02/14/2009 11:39:29 AM

2/14/2009 11:39:31 AM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 11:39:43 AM "C:\WINDOWS\SYSTEM32\UACBYQDYOUL.DLL" "Generic.dx" "5"

2/14/2009 11:39:48 AM "C:\WINDOWS\system32\UACbyqdyoul.dll" "Generic.dx" "5"

2/14/2009 11:39:51 AM "C:\WINDOWS\SYSTEM32\UACQHXFMQHU.DLL" "Generic.dx" "5"

2/14/2009 11:39:51 AM "C:\WINDOWS\system32\UACqhxfmqhu.dll" "Generic.dx" "5"

2/14/2009 12:44:06 PM Total objects scanned: 206517

2/14/2009 12:44:06 PM Objects detected: 3

2/14/2009 12:44:06 PM Scan Done: 02/14/2009 12:44:06 PM

2/14/2009 3:56:57 PM Scan Started: 02/14/2009 03:56:57 PM

2/14/2009 3:57:05 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 3:59:40 PM Total objects scanned: 53580

2/14/2009 3:59:40 PM Objects detected: 1

2/14/2009 3:59:40 PM Scan Done: 02/14/2009 03:59:40 PM

2/14/2009 4:01:36 PM Scan Started: 02/14/2009 04:01:36 PM

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:01:37 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 4:03:29 PM Total objects scanned: 53574

2/14/2009 4:03:29 PM Objects detected: 1

2/14/2009 4:03:29 PM Scan Done: 02/14/2009 04:03:29 PM

2/14/2009 5:31:29 PM Scan Started: 02/14/2009 05:31:29 PM

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:31:30 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"

2/14/2009 5:33:43 PM Total objects scanned: 53606

2/14/2009 5:33:43 PM Objects detected: 1

2/14/2009 5:33:43 PM Scan Done: 02/14/2009 05:33:43 PM

[markz]

strange that malwarebytes software installed fine but only would let me run scan via right click of mouse on icon vs. double click and opening program?

[markz]

I just restarted computer and it is hanging after login loading personal settings...sounds like the malware is recreating itself again

[markz]

Here is the file post reboot, I can not run maleware? will not open when I double click

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:13:45 PM, on 2/14/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Program Files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

C:\Program Files\DISC\DISCover.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM6\aim6.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\perce.jpg.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\system32\HPZinw12.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.trymedia.com (HKLM)

O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

O24 - Desktop Component 1: (no name) - http://www.hrwc.org/text/buffer.htm#

O24 - Desktop Component 2: (no name) - http://www.everyculture.com/multi/images/gema_02_img0137.jpg

O24 - Desktop Component 3: (no name) - http://www.ushmm.org/lcmedia/photo/wlc/image/74/74907.jpg

--

End of file - 16431 bytes

[Tigger93]

Hi.

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1

Link 2

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply

Note: Do not mouseclick Combofix's window while its running. That may cause it to stall

[markz]

when I copy to the infected computer via usb memory stick - it will not start the program? any suggestions

[markz]

The program I tried was combo fix

[Tigger93]

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

• Close ALL OTHER PROGRAMS.
  
• Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  
• Click the Scan All Users checkbox on the toolbar.
  
• Do not change any other settings.
  
• Now click the Run Scan button on the toolbar.
  
• Let it run unhindered until it finishes.
  
• When the scan is complete Notepad will open with the report file loaded in it.
  
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  
• Close Notepad (saving the change if necessary).
  

Use the Add Reply button and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt2 folder and named OTScanIt.txt.

I will review it when it comes in.

[markz]

Sorry here is the attached file

OTScanIt.Txt

OTScanIt.Txt

[Tigger93]

Copy and paste this into the fix box (where it says "Paste fix here"):

[Kill Explorer][Registry - Safe List]< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\YY -> {930e7881-d9f3-4293-a24b-23a80c013378} [HKLM] -> %SystemRoot%\system32\fejokt.dll [Win32-DNSChanger]YN -> {b987b0ed-0100-43ec-a7af-c4809917a096} [HKLM] -> %SystemRoot%\system32\iifgDsPJ.dll [Reg Error: Value  does not exist or could not be read.]YN -> {eb9e70c9-7845-44ca-b13f-309a7a2f160d} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBarYN -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]YN -> "{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\YN -> ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]YN -> ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]YN -> WebBrowser\\"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunYN -> "Gpipoqip" -> %SystemRoot%\Ydewewa.DLL [rundll32.exe "C:\WINDOWS\Ydewewa.dll",e]YY -> "Jdezif" -> %SystemRoot%\uronotijihano.dll [rundll32.exe "C:\WINDOWS\uronotijihano.dll",e]< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunYY -> "Cognac" -> %UserProfile%\Local Settings\Temp\perce.jpg.exe [C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\perce.jpg.exe]YN -> "sysguard" -> %SystemRoot%\sysguard.exe [C:\WINDOWS\sysguard.exe]YN -> "systeminit.exe" -> %SystemDrive%\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\systeminit.exe [C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\systeminit.exe]< Run [HKEY_USERS\s-1-5-21-1461198548-2230015632-2064481986-1007\] > -> HKEY_USERS\s-1-5-21-1461198548-2230015632-2064481986-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\RunYY -> "Cognac" -> %UserProfile%\Local Settings\Temp\perce.jpg.exe [C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\perce.jpg.exe]YN -> mp\TEMPOR~1\Content.IE5\0PQ3YR8D.SH! c:\DOCUME~1\HP_ADM~1\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\HP_ADM~1\LOCALS~1\temp\TEMPOR~1.SH!] -> [2007/12/04 12:32:24 | 00,111,904 | ---- | M] ()< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\YN -> CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [internet Connection Help]< Internet Explorer Extensions [HKEY_USERS\.default\] > -> HKEY_USERS\.default\Software\Microsoft\Internet Explorer\Extensions\YN -> CmdMapping\\"{3369AF0D-62E9-4bda-8103-B4C75499B578}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.]< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication PackagesYY -> C:\WINDOWS\system32\iifgDsPJ -> < LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages< Drives with AutoRun files > -> NY -> L:\autorun.inf [[AutoRun] |;liHKs4dji2ajLdwK3l2s5rUdc4wiswSak0a3Jww9o3d8LOlfwLo2wlw0iKlrJkkDlk5sqadDA3 | open=qphdin.com |;w2cJLolaak02fes3ls5rdJssKcaD31 | shell\open\Command=qphdin.com | ] -> L:\autorun.inf [ FAT ]< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2YN -> \{27cfd0da-fb77-11dd-ba0e-0018f328986c}\shell\autorun\command\\"" -> L:\qphdin.com [L:\qphdin.com]YN -> \{27cfd0da-fb77-11dd-ba0e-0018f328986c} -> YN -> \{27cfd0da-fb77-11dd-ba0e-0018f328986c}\shell\open\command\\"" -> L:\qphdin.com [L:\qphdin.com]YN -> \{78d35d2d-84e1-11db-a12c-0018f328986c} -> YN -> \{78d35d2d-84e1-11db-a12c-0018f328986c}\shell\autorun\command\\"" -> M:\opgde.exe [M:\opgde.exe]YN -> \{78d35d2d-84e1-11db-a12c-0018f328986c} -> YN -> \{78d35d2d-84e1-11db-a12c-0018f328986c}\shell\open\command\\"" -> M:\opgde.exe [M:\opgde.exe]YN -> \{915392f4-8c0f-11dc-b9a0-0018f328986c} -> YN -> \{915392f4-8c0f-11dc-b9a0-0018f328986c}\Shell\AutoRun\command\\"" -> L:\m0vnonh.bat [L:\m0vnonh.bat]YN -> \{915392f4-8c0f-11dc-b9a0-0018f328986c} -> YN -> \{915392f4-8c0f-11dc-b9a0-0018f328986c}\Shell\open\Command\\"" -> L:\m0vnonh.bat [L:\m0vnonh.bat][Files/Folders - Created Within 30 Days]NY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmpNY -> 2 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmpNY -> ComboFix.exe -> %UserProfile%\My Documents\ComboFix.exeNY -> ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exeNY -> qyysbnoi.dll -> %SystemRoot%\System32\qyysbnoi.dllNY -> mal.exe -> %UserProfile%\Desktop\mal.exeNY -> dphmqm.dll -> %SystemRoot%\System32\dphmqm.dllNY -> nldakesr.dll -> %SystemRoot%\System32\nldakesr.dllNY -> stinger10000482.exe -> %UserProfile%\Desktop\stinger10000482.exeNY -> hgwguled.dll -> %SystemRoot%\System32\hgwguled.dllNY -> {AA6D833A-7201-4C37-8D74-434C27FCBC5A} -> %UserProfile%\Local Settings\Application Data\{AA6D833A-7201-4C37-8D74-434C27FCBC5A}NY -> uronotijihano.dll -> %SystemRoot%\uronotijihano.dllNY -> m3.ico -> %SystemRoot%\System32\m3.icoNY -> m.ico -> %SystemRoot%\System32\m.icoNY -> s.ico -> %SystemRoot%\System32\s.icoNY -> Search Online.url -> %UserProfile%\Desktop\Search Online.urlNY -> Cheap Pharmacy Online.url -> %UserProfile%\Desktop\Cheap Pharmacy Online.urlNY -> sf.ico -> %SystemRoot%\System32\sf.icoNY -> c.ico -> %SystemRoot%\System32\c.icoNY -> p.ico -> %SystemRoot%\System32\p.icoNY -> VIP Casino.url -> %UserProfile%\Desktop\VIP Casino.urlNY -> SMS TRAP.url -> %UserProfile%\Desktop\SMS TRAP.urlNY -> Cheap Software.url -> %UserProfile%\Desktop\Cheap Software.urlNY -> fejokt.dll -> %SystemRoot%\System32\fejokt.dllNY -> 2e2b3e3f.sys -> %SystemRoot%\System32\drivers\2e2b3e3f.sysNY -> -522833432 -> %SystemDrive%\-522833432NY -> fpojki.dll -> %SystemRoot%\System32\fpojki.dllNY -> abwxwvgu.dll -> %SystemRoot%\System32\abwxwvgu.dllNY -> eqoslukm.dll -> %SystemRoot%\System32\eqoslukm.dllNY -> qgzpdn.dll -> %SystemRoot%\System32\qgzpdn.dllNY -> fhmkfrde.dll -> %SystemRoot%\System32\fhmkfrde.dllNY -> rqRJCRLf.dll -> %SystemRoot%\System32\rqRJCRLf.dllNY -> xxyvvTjH.dll -> %SystemRoot%\System32\xxyvvTjH.dllNY -> ileojnro.dll -> %SystemRoot%\System32\ileojnro.dllNY -> JPsDgfii.ini2 -> %SystemRoot%\System32\JPsDgfii.ini2NY -> JPsDgfii.ini -> %SystemRoot%\System32\JPsDgfii.iniNY -> iifgDsPJ.dll.vir -> %SystemRoot%\System32\iifgDsPJ.dll.virNY -> nnnkHWoP.dll -> %SystemRoot%\System32\nnnkHWoP.dll[Files/Folders - Modified Within 30 Days]NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmpNY -> 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmpNY -> 2 C:\Documents and Settings\HP_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator\My Documents\*.tmpNY -> 99 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmpNY -> 99 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Administrator\Local Settings\Temp\*.tmpNY -> 18 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmpNY -> 18 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmpNY -> 18 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmpNY -> 2e2b3e3f.sys -> %SystemRoot%\System32\drivers\2e2b3e3f.sysNY -> ComboFix.exe -> %UserProfile%\My Documents\ComboFix.exeNY -> ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exeNY -> yig-wcrx.cmdline -> %SystemRoot%\Temp\yig-wcrx.cmdlineNY -> yig-wcrx.dll -> %SystemRoot%\Temp\yig-wcrx.dllNY -> qyysbnoi.dll -> %SystemRoot%\System32\qyysbnoi.dllNY -> nldakesr.dll -> %SystemRoot%\System32\nldakesr.dllNY -> dphmqm.dll -> %SystemRoot%\System32\dphmqm.dllNY -> hgwguled.dll -> %SystemRoot%\System32\hgwguled.dllNY -> uronotijihano.dll -> %SystemRoot%\uronotijihano.dllNY -> m3.ico -> %SystemRoot%\System32\m3.icoNY -> m.ico -> %SystemRoot%\System32\m.icoNY -> s.ico -> %SystemRoot%\System32\s.icoNY -> Search Online.url -> %UserProfile%\Desktop\Search Online.urlNY -> Cheap Pharmacy Online.url -> %UserProfile%\Desktop\Cheap Pharmacy Online.urlNY -> sf.ico -> %SystemRoot%\System32\sf.icoNY -> c.ico -> %SystemRoot%\System32\c.icoNY -> p.ico -> %SystemRoot%\System32\p.icoNY -> VIP Casino.url -> %UserProfile%\Desktop\VIP Casino.urlNY -> SMS TRAP.url -> %UserProfile%\Desktop\SMS TRAP.urlNY -> Cheap Software.url -> %UserProfile%\Desktop\Cheap Software.urlNY -> fejokt.dll -> %SystemRoot%\System32\fejokt.dllNY -> -522833432 -> %SystemDrive%\-522833432NY -> imsins.BAK -> %SystemRoot%\imsins.BAKNY -> fpojki.dll -> %SystemRoot%\System32\fpojki.dllNY -> abwxwvgu.dll -> %SystemRoot%\System32\abwxwvgu.dllNY -> EDC85A -> %SystemRoot%\System32\EDC85ANY -> eqoslukm.dll -> %SystemRoot%\System32\eqoslukm.dllNY -> qgzpdn.dll -> %SystemRoot%\System32\qgzpdn.dllNY -> fhmkfrde.dll -> %SystemRoot%\System32\fhmkfrde.dllNY -> rqRJCRLf.dll -> %SystemRoot%\System32\rqRJCRLf.dllNY -> xxyvvTjH.dll -> %SystemRoot%\System32\xxyvvTjH.dllNY -> ileojnro.dll -> %SystemRoot%\System32\ileojnro.dllNY -> iifgDsPJ.dll.vir -> %SystemRoot%\System32\iifgDsPJ.dll.virNY -> nnnkHWoP.dll -> %SystemRoot%\System32\nnnkHWoP.dllNY -> perce.jpg.exe -> %UserProfile%\Local Settings\Temp\perce.jpg.exeNY -> stinger10000482.exe -> %UserProfile%\Desktop\stinger10000482.exeNY -> vmpremov.exe -> %UserProfile%\Local Settings\Temp\vmpremov.exeNY -> Au_.exe -> %UserProfile%\Local Settings\Temp\~nsu.tmp\Au_.exeNY -> vmgrremok.exe -> %UserProfile%\Local Settings\Temp\vmgrremok.exeNY -> GLB1A2B.EXE -> %UserProfile%\Local Settings\Temp\GLB1A2B.EXE[Alternate Data Streams]NY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptableNY -> @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptableNY -> @Alternate Data Stream - 139 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2NY -> @Alternate Data Stream - 76 bytes -> %UserProfile%\Desktop\015_12A.JPG:Roxio EMC StreamNY -> @Alternate Data Stream - 76 bytes -> %UserProfile%\My Documents\lifeslim.jwl:Roxio EMC StreamNY -> @Alternate Data Stream - 76 bytes -> %UserProfile%\My Documents\Meggan and Jordan.jwl:Roxio EMC StreamNY -> @Alternate Data Stream - 76 bytes -> %UserProfile%\My Documents\ROOTS 2007.jwl:Roxio EMC StreamNY -> @Alternate Data Stream - 76 bytes -> %UserProfile%\My Documents\rootsdvd.jwl:Roxio EMC StreamNY -> @Alternate Data Stream - 76 bytes -> %UserProfile%\My Documents\TIMBERLEE 2007.jwl:Roxio EMC StreamNY -> @Alternate Data Stream - 76 bytes -> %UserProfile%\My Documents\undefined.jwl:Roxio EMC Stream[Purity][Empty Temp Folders][start Explorer]

Then run the fix. Please post the log that it produces here.

[markz]

how long should it take to run the hour glass spinning - and the bottom says fix running

[Tigger93]

It might take a while, just let it run but if its stuck for more than 15 minutes, then post let me know.

[markz]

the fix is still running I think it is hung, there are no icons on my desktop as well behind the program which is strange as well

[Tigger93]

Can you try running the fix in safe mode (restart your computer and tap [F8] then select safe mode) and see if it works?

[markz]

It's running now

[markz]

Still running I think something is wrong over an hour

[markz]

in windows task manager it has two instances of otscanit2 running but both are not responding

[markz]

Had to do a hard power off out of safe mode and then I went back into safe mode - here is the new scan file

OTScanIt2.Txt

OTScanIt2.Txt

[Tigger93]

• Download FixPolicies.exe by Bill Castner and save it to your desktop.
  
• Double click on FixPolicies.exe to run it.
  
• Click on Install. It will create a folder named FixPolicies on your desktop.
  
• Open the FixPolicies folder.
  
• Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly this is normal.
  
• Reboot your computer after it runs
  
• This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.
  
• Note: some malware will block the running of this tool. So if you cannot run Fixpolicies, then, RENAME the EXE file to something like Mytool.exe and then run it.
  

--------------

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  
• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
  

--------------

Download Lop S&D from here

• Double-click Lop S&D.exe
• Choose the language, then choose Option 1 (Search)
  
• Wait till the scan completes
  
• Post the log which is created: (%SystemDrive%\lopR.txt)
  

[markz]

do you want me to do the above in safe mode or normal mode

[Tigger93]

Normal mode please if you can.

[markz]

ran the fix policies - ran fine...I brought up IE and the win32dnschanger did not redirect my browser... went to load the next couple of programs and the computer was froze.. Hard reboot in process

[markz]

Logfile of random's system information tool 1.05 (written by random/random)

Run by HP_Administrator at 2009-02-15 15:38:33

Microsoft Windows XP Professional Service Pack 3

System drive C: has 220 GB (74%) free of 296 GB

Total RAM: 2046 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:38:36 PM, on 2/15/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\McAfee\MBK\MBackMonitor.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\Program Files\McAfee\VirusScan\McShield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe

C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\HPZinw12.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.trymedia.com (HKLM)

O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe

O23 - Service: HP Status Server (hp status server) - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_ADM~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

O24 - Desktop Component 1: (no name) - http://www.hrwc.org/text/buffer.htm#

O24 - Desktop Component 2: (no name) - http://www.everyculture.com/multi/images/gema_02_img0137.jpg

O24 - Desktop Component 3: (no name) - http://www.ushmm.org/lcmedia/photo/wlc/image/74/74907.jpg

--

End of file - 15316 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1164562113.job

C:\WINDOWS\tasks\full12608.job

C:\WINDOWS\tasks\McDefragTask.job

C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478d38-c3f9-4efb-9b51-7695eca05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]

SSVHelper Class - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 440056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]

hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fdad4da1-61a2-4fd8-9c17-86f7ac245081}]

SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

"ftutil2"=C:\WINDOWS\system32\ftutil2.dll [2004-06-07 106496]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-06-23 86016]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-06-23 81920]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]

"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]

"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]

"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]

"Reminder"=C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552]

"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-24 180269]

"Auto Run Software for Photo Frame"=C:\Program Files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe [2006-08-04 2110464]

"RoxioDragToDisc"=C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe [2005-10-20 1687552]

""= []

"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe [2005-10-21 163840]

"DISCover"=C:\Program Files\DISC\DISCover.exe [2007-10-30 1095256]

"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 385024]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]

"MBkLogOnHook"=C:\Program Files\McAfee\MBK\LogOnHook.exe [2007-01-08 20480]

"McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2007-01-16 4838952]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]

"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe [2007-10-22 1885464]

"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-06-12 2321600]

"DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE [2007-12-04 111904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2006-06-23 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"

"C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe"="C:\Program Files\Common Files\PocketSoft\RTPatch\AutoRTP\artpschd.exe:*:Enabled:artpschd"

"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe"="C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"

"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"

"E:\setup\HPONICIFS01.EXE"="E:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"

"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"

"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"

"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"

"C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe"="C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]

shell\p\command - Explorer File="\Click Here.htm"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27cfd0da-fb77-11dd-ba0e-0018f328986c}]

shell\autorun\command - qphdin.com

shell\open\command - qphdin.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78d35d2d-84e1-11db-a12c-0018f328986c}]

shell\autorun\command - M:\opgde.exe

shell\open\command - M:\opgde.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{915392f4-8c0f-11dc-b9a0-0018f328986c}]

shell\AutoRun\command - L:\m0vnonh.bat

shell\open\command - L:\m0vnonh.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c20363e5-fba8-11dd-ba12-0018f328986c}]

shell\autorun\command - N:\qphdin.com

shell\open\command - N:\qphdin.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7acb777-67b7-11db-a101-806d6172696f}]

shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-02-15 15:38:33 ----D---- C:\rsit

2009-02-15 11:29:36 ----D---- C:\_OTScanIt

2009-02-14 17:19:02 ----D---- C:\Program Files\Trend Micro

2009-02-14 15:51:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-02-14 15:51:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-02-14 15:50:08 ----D---- C:\WINDOWS\CSC

2009-02-14 12:53:51 ----A---- C:\WINDOWS\system32\qyysbnoi.dll

2009-02-14 10:36:20 ----A---- C:\WINDOWS\ntbtlog.txt

2009-02-13 23:09:32 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!

2009-02-13 23:09:32 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

2009-02-13 23:09:27 ----D---- C:\Program Files\CCleaner

2009-02-13 19:01:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-02-13 19:00:54 ----D---- C:\Program Files\Spyware Doctor

2009-02-13 19:00:54 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\PC Tools

2009-02-13 18:59:25 ----A---- C:\WINDOWS\system32\mcrh.tmp

2009-02-13 18:27:07 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-02-13 18:27:07 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-13 18:18:09 ----A---- C:\WINDOWS\system32\dphmqm.dll

2009-02-13 18:18:08 ----A---- C:\WINDOWS\system32\nldakesr.dll

2009-02-13 18:15:11 ----A---- C:\WINDOWS\system32\hgwguled.dll

2009-02-12 15:13:17 ----A---- C:\WINDOWS\system32\fpojki.dll

2009-02-12 15:13:16 ----A---- C:\WINDOWS\system32\abwxwvgu.dll

2009-02-11 15:10:14 ----N---- C:\WINDOWS\system32\eqoslukm.dll

2009-02-11 15:07:37 ----A---- C:\WINDOWS\system32\qgzpdn.dll

2009-02-11 15:07:35 ----A---- C:\WINDOWS\system32\fhmkfrde.dll

2009-02-10 19:51:50 ----A---- C:\WINDOWS\system32\rqRJCRLf.dll

2009-02-10 19:51:44 ----A---- C:\WINDOWS\system32\xxyvvTjH.dll

2009-02-10 17:54:18 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\McAfee

2009-02-10 09:02:13 ----N---- C:\WINDOWS\system32\ileojnro.dll

2009-02-10 09:02:11 ----A---- C:\WINDOWS\system32\ebf5f539-.txt

2009-02-10 09:01:07 ----ASH---- C:\WINDOWS\system32\JPsDgfii.ini2

2009-02-10 09:01:07 ----ASH---- C:\WINDOWS\system32\JPsDgfii.ini

2009-02-10 09:01:05 ----A---- C:\WINDOWS\system32\iifgDsPJ.dll.vir

2009-02-10 08:55:57 ----A---- C:\WINDOWS\system32\nnnkHWoP.dll

2009-01-27 22:07:19 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

======List of files/folders modified in the last 1 months======

2009-02-15 15:37:04 ----D---- C:\WINDOWS\Temp

2009-02-15 15:35:32 ----D---- C:\WINDOWS

2009-02-15 15:31:10 ----D---- C:\WINDOWS\system32

2009-02-15 15:31:08 ----D---- C:\WINDOWS\Registration

2009-02-15 15:30:51 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-15 14:19:05 ----D---- C:\WINDOWS\system32\drivers

2009-02-15 12:53:17 ----HD---- C:\Config.Msi

2009-02-15 12:51:14 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-15 10:11:12 ----D---- C:\WINDOWS\Prefetch

2009-02-15 09:13:25 ----D---- C:\Python22

2009-02-15 09:12:30 ----D---- C:\Program Files\Viewpoint

2009-02-15 09:12:30 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint

2009-02-15 09:12:11 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint

2009-02-15 09:11:01 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks

2009-02-15 09:10:39 ----SHD---- C:\WINDOWS\Installer

2009-02-15 09:09:01 ----HD---- C:\Program Files\InstallShield Installation Information

2009-02-14 17:19:02 ----D---- C:\Program Files

2009-02-14 10:32:20 ----D---- C:\WINDOWS\system32\Restore

2009-02-14 10:15:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-02-14 10:15:45 ----HD---- C:\WINDOWS\inf

2009-02-14 10:15:44 ----SD---- C:\WINDOWS\Tasks

2009-02-14 10:09:39 ----D---- C:\Program Files\Google

2009-02-14 09:54:03 ----SHD---- C:\System Volume Information

2009-02-13 23:13:16 ----D---- C:\WINDOWS\Minidump

2009-02-13 21:22:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-13 18:17:33 ----D---- C:\WINDOWS\WinSxS

2009-02-13 15:52:51 ----RSHD---- C:\WINDOWS\system32\dllcache

2009-02-13 15:51:57 ----D---- C:\WINDOWS\system

2009-02-12 16:44:28 ----D---- C:\Program Files\HP

2009-02-12 16:43:43 ----D---- C:\Program Files\DivX

2009-02-12 16:42:52 ----A---- C:\WINDOWS\imsins.BAK

2009-02-10 18:16:06 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-02-10 17:54:13 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee

2009-02-01 12:54:57 ----A---- C:\WINDOWS\cdplayer.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-10-20 311680]

R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []

R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []

R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []

R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]

R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]

R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-10-20 119168]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]

R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-10-29 8413]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-10-20 27264]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-05-16 229376]

R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-09 9728]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2006-04-13 168064]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]

R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]

R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]

R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]

R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]

R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]

R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-10-20 27136]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]

R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]

R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]

S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]

S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-06-23 1095680]

S3 ikfilesec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2009-02-13 40840]

S3 iksysflt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2009-02-13 66952]

S3 iksyssec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2009-02-13 81288]

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]

S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S4 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2005-10-21 50176]

S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]

R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]

R2 ELService;Intel® Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe [2006-06-02 180224]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]

R2 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2007-01-16 71208]

R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]

R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]

R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]

R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]

R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]

R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]

R2 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-10-21 155648]

R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]

R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]

R3 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-10-21 864256]

S2 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-10-21 229376]

S2 RoxUpnpServer;RoxUpnpServer; C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe [2005-10-21 405504]

S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]

S3 hp status server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-01-15 504104]

S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]

S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 RoxUPnPRenderer;RoxUpnpRenderer; C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe [2005-10-21 45056]

S3 sdauxservice;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]

S3 sdcoreservice;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-02-13 1079176]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-15 15:38:38

======Uninstall list======

-->"C:\Program Files\HP Games\Airstrike 2 Gulf Thunder\Uninstall.exe"

-->"C:\Program Files\HP Games\Alien Shooter\Uninstall.exe"

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"

-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"

-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"

-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"

-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"

-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"

-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"

-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"

-->"C:\Program Files\HP Games\FATE\Uninstall.exe"

-->"C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"

-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"

-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"

-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"

-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"

-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"

-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"

-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"

-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"

-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"

-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"

-->"C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"

-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"

-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"

-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"

-->"C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}

-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}

-->MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}

-->MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}

-->MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}

-->MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}

-->MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}

-->MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}

-->MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe

[markz]

Here is the last log - let me know how everything looks

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU 6300 @ 1.86GHz )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : HP_Administrator ( Administrator )

BOOT : Normal boot

Antivirus : McAfee VirusScan (Activated)

Firewall : McAfee Personal Firewall (Activated)

C:\ (Local Disk) - NTFS - Total:289 Go (Free:215 Go)

D:\ (Local Disk) - FAT32 - Total:8 Go (Free:0 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

J:\ (Local Disk) - NTFS - Total:332 Go (Free:127 Go)

K:\ (Local Disk) - NTFS - Total:40 Go (Free:10 Go)

L:\ (USB)

M:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

N:\ (USB) - FAT - Total:462 Mo (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( Sun 02/15/2009|15:41 )

--------------------\\ Listing folders in APPLIC~1

[11/14/2005|07:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities

[08/24/2006|01:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intuit

[11/14/2005|07:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[08/24/2006|01:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Real

[12/26/2008|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore

[10/07/2008|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe

[12/26/2008|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL

[12/26/2008|01:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads

[12/15/2006|04:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP

[01/17/2008|10:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple

[10/29/2006|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer

[08/24/2006|01:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Digital Interactive Systems Corporation

[08/24/2006|02:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard

[07/18/2007|07:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP

[08/24/2006|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield

[08/24/2006|01:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit

[10/29/2006|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak

[02/14/2009|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes

[02/10/2009|05:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee

[11/01/2008|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com

[02/14/2009|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft

[12/27/2007|03:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSScanAppDataDir

[12/27/2008|04:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NortonInstaller

[12/16/2006|09:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA

[01/27/2009|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage

[05/20/2007|08:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio

[08/24/2006|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI

[10/29/2006|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic

[02/14/2009|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy

[02/15/2009|03:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP

[02/15/2009|09:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint

[12/21/2006|06:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent

[10/30/2006|07:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[02/13/2009|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[11/14/2005|07:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities

[08/24/2006|01:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intuit

[11/14/2005|07:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[08/24/2006|01:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Real

[12/15/2006|04:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> acccore

[04/29/2008|07:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Adobe

[01/13/2007|10:44] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> AdobeAUM

[11/07/2006|07:53] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> AdobeUM

[11/18/2006|04:04] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Aim

[11/27/2008|11:33] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> alot

[10/29/2007|12:39] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Apple Computer

[12/25/2006|10:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Atari

[01/27/2008|08:45] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Backup MyPC

[12/25/2007|07:42] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> CyberLink

[01/03/2007|02:49] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Google

[04/10/2007|08:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Help

[11/25/2006|04:23] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Hewlett-Packard

[07/18/2007|07:39] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> HP

[11/04/2006|02:35] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> HPQ

[10/29/2006|10:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Identities

[08/24/2006|01:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Intuit

[10/29/2006|11:59] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Leadertech

[10/29/2006|08:08] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Macromedia

[02/10/2009|05:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> McAfee

[05/20/2007|05:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Microsoft

[02/15/2009|09:11] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Move Networks

[02/13/2009|07:00] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> PC Tools

[11/29/2007|04:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Real

[01/27/2008|09:41] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Roxio

[10/29/2006|10:44] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Share-to-Web Upload Folder

[12/02/2006|02:40] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Sonic

[10/29/2006|08:34] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Sun

[11/05/2006|10:06] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Template

[03/09/2008|10:02] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Uniblue

[02/15/2009|09:12] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Viewpoint

[10/30/2006|03:58] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> WildTangent

[02/13/2009|11:09] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Yahoo!

[01/12/2009|09:25] C:\DOCUME~1\Joe\APPLIC~1\<DIR> acccore

[12/21/2008|10:41] C:\DOCUME~1\Joe\APPLIC~1\<DIR> Adobe

[11/06/2008|04:57] C:\DOCUME~1\Joe\APPLIC~1\<DIR> alot

[11/06/2008|06:52] C:\DOCUME~1\Joe\APPLIC~1\<DIR> Apple Computer

[11/06/2008|04:58] C:\DOCUME~1\Joe\APPLIC~1\<DIR> Google

[11/06/2008|05:46] C:\DOCUME~1\Joe\APPLIC~1\<DIR> HP

[11/14/2005|07:04] C:\DOCUME~1\Joe\APPLIC~1\<DIR> Identities

[08/24/2006|01:54] C:\DOCUME~1\Joe\APPLIC~1\<DIR> Intuit

[11/06/2008|04:57] C:\DOCUME~1\Joe\APPLIC~1\<DIR> Macromedia

[01/12/2009|08:20] C:\DOCUME~1\Joe\APPLIC~1\<DIR> Microsoft

[11/06/2008|06:49] C:\DOCUME~1\Joe\APPLIC~1\<DIR> Real

[11/06/2008|04:56] C:\DOCUME~1\Joe\APPLIC~1\<DIR> Roxio

[11/06/2008|05:17] C:\DOCUME~1\Joe\APPLIC~1\<DIR> Viewpoint

[11/01/2008|07:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Adobe

[11/01/2008|07:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google

[11/01/2008|07:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia

[08/24/2006|01:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[10/29/2006|11:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Roxio

[08/24/2006|01:12] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/15/2009 01:34 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job

[02/01/2009 01:00 AM][--a------] C:\WINDOWS\tasks\McQcTask.job

[01/27/2008 09:39 AM][---------] C:\WINDOWS\tasks\full12608.job

[03/01/2007 06:39 PM][---------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1164562113.job

[02/10/2009 02:43 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[02/15/2009 03:30 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT

[08/10/2004 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( full12608.job )=( C:\ProgramFiles\Sonic\BackupMyPC )

--------------------\\ Listing Folders in C:\Program Files

[10/07/2008|04:10] C:\Program Files\<DIR> Adobe

[12/16/2006|11:15] C:\Program Files\<DIR> AIM

[12/26/2008|01:36] C:\Program Files\<DIR> AIM6

[06/20/2007|06:26] C:\Program Files\<DIR> All-Pro Software

[10/27/2008|05:23] C:\Program Files\<DIR> alot

[11/18/2006|04:04] C:\Program Files\<DIR> AOD

[12/27/2008|04:49] C:\Program Files\<DIR> AOL

[08/19/2008|08:29] C:\Program Files\<DIR> Apple Software Update

[07/21/2007|07:51] C:\Program Files\<DIR> Atari

[12/31/2008|03:37] C:\Program Files\<DIR> AviSynth 2.5

[01/17/2008|10:55] C:\Program Files\<DIR> Bonjour

[02/13/2009|11:09] C:\Program Files\<DIR> CCleaner

[12/26/2008|01:36] C:\Program Files\<DIR> Common Files

[11/11/2005|04:56] C:\Program Files\<DIR> ComPlus Applications

[08/24/2006|01:37] C:\Program Files\<DIR> CONEXANT

[11/06/2007|05:10] C:\Program Files\<DIR> DISC

[02/12/2009|04:43] C:\Program Files\<DIR> DivX

[11/06/2007|05:19] C:\Program Files\<DIR> Electronic Arts

[08/24/2006|01:16] C:\Program Files\<DIR> EnglishOtto

[12/31/2008|03:36] C:\Program Files\<DIR> eRightSoft

[08/24/2006|01:16] C:\Program Files\<DIR> GemMaster

[02/14/2009|10:09] C:\Program Files\<DIR> Google

[07/18/2007|07:31] C:\Program Files\<DIR> Hewlett-Packard

[02/12/2009|04:44] C:\Program Files\<DIR> HP

[08/24/2006|01:45] C:\Program Files\<DIR> HP DigitalMedia Archive

[12/21/2006|06:02] C:\Program Files\<DIR> HP Games

[02/15/2009|09:09] C:\Program Files\<DIR> InstallShield Installation Information

[08/24/2006|01:35] C:\Program Files\<DIR> Intel

[12/22/2008|03:07] C:\Program Files\<DIR> Internet Explorer

[01/17/2008|10:56] C:\Program Files\<DIR> iPod

[01/17/2008|10:57] C:\Program Files\<DIR> iTunes

[08/31/2008|11:24] C:\Program Files\<DIR> Java

[12/06/2006|08:07] C:\Program Files\<DIR> Kodak

[02/14/2009|05:54] C:\Program Files\<DIR> Malwarebytes' Anti-Malware

[11/06/2007|05:17] C:\Program Files\<DIR> Maxis

[11/06/2008|04:54] C:\Program Files\<DIR> McAfee

[11/01/2008|08:14] C:\Program Files\<DIR> McAfee.com

[12/18/2008|03:07] C:\Program Files\<DIR> Messenger

[01/09/2007|08:08] C:\Program Files\<DIR> Microsoft ActiveSync

[11/14/2005|07:06] C:\Program Files\<DIR> microsoft frontpage

[11/23/2006|09:10] C:\Program Files\<DIR> Microsoft Money 2006

[01/09/2007|08:07] C:\Program Files\<DIR> Microsoft Office

[11/11/2006|08:11] C:\Program Files\<DIR> Microsoft Works

[01/09/2007|08:07] C:\Program Files\<DIR> Microsoft.NET

[12/17/2008|08:52] C:\Program Files\<DIR> Movie Maker

[11/14/2005|07:07] C:\Program Files\<DIR> MSN

[08/24/2006|01:51] C:\Program Files\<DIR> MSN Encarta Standard

[11/14/2005|07:07] C:\Program Files\<DIR> MSN Gaming Zone

[11/15/2006|06:41] C:\Program Files\<DIR> MSXML 4.0

[08/24/2006|01:44] C:\Program Files\<DIR> music_now

[08/24/2006|01:54] C:\Program Files\<DIR> muvee Technologies

[12/15/2008|08:25] C:\Program Files\<DIR> myfantasyleague

[12/17/2008|08:49] C:\Program Files\<DIR> NetMeeting

[08/24/2006|01:44] C:\Program Files\<DIR> Netscape

[06/20/2007|06:34] C:\Program Files\<DIR> Northbyte

[08/24/2006|02:05] C:\Program Files\<DIR> Online Services

[12/17/2008|08:49] C:\Program Files\<DIR> Outlook Express

[08/24/2006|02:02] C:\Program Files\<DIR> PC-Doctor 5 for Windows

[08/24/2006|02:02] C:\Program Files\<DIR> PC-Doctor for DOS

[12/25/2006|11:28] C:\Program Files\<DIR> Philips

[05/10/2008|08:27] C:\Program Files\<DIR> Photo Viewer

[08/24/2006|01:54] C:\Program Files\<DIR> Quicken

[01/17/2008|10:54] C:\Program Files\<DIR> QuickTime

[12/06/2008|12:02] C:\Program Files\<DIR> ReadIris

[10/29/2006|10:54] C:\Program Files\<DIR> Real

[12/13/2008|03:08] C:\Program Files\<DIR> Rhapsody

[10/29/2006|11:15] C:\Program Files\<DIR> Roxio

[05/13/2007|01:10] C:\Program Files\<DIR> Sonic

[02/14/2009|10:10] C:\Program Files\<DIR> Spybot - Search & Destroy

[02/13/2009|11:39] C:\Program Files\<DIR> Spyware Doctor

[02/14/2009|05:19] C:\Program Files\<DIR> Trend Micro

[03/09/2008|10:09] C:\Program Files\<DIR> Uniblue

[11/11/2005|04:56] C:\Program Files\<DIR> Uninstall Information

[08/24/2006|01:58] C:\Program Files\<DIR> Updates from HP

[02/15/2009|09:12] C:\Program Files\<DIR> Viewpoint

[08/24/2006|01:46] C:\Program Files\<DIR> WildTangent

[08/25/2007|03:36] C:\Program Files\<DIR> Windows Media Player

[12/17/2008|08:49] C:\Program Files\<DIR> Windows NT

[11/14/2005|07:08] C:\Program Files\<DIR> Windows Plus

[11/11/2005|04:56] C:\Program Files\<DIR> WindowsUpdate

[11/14/2005|07:08] C:\Program Files\<DIR> xerox

[08/24/2006|02:06] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[10/07/2008|04:10] C:\Program Files\Common Files\<DIR> Adobe

[12/27/2008|04:49] C:\Program Files\Common Files\<DIR> AOL

[01/17/2008|10:52] C:\Program Files\Common Files\<DIR> Apple

[01/09/2007|08:08] C:\Program Files\Common Files\<DIR> DESIGNER

[11/25/2006|04:20] C:\Program Files\Common Files\<DIR> Hewlett-Packard

[08/24/2006|01:40] C:\Program Files\Common Files\<DIR> HP

[05/20/2007|08:16] C:\Program Files\Common Files\<DIR> InstallShield

[08/24/2006|01:54] C:\Program Files\Common Files\<DIR> Intuit

[08/24/2006|01:20] C:\Program Files\Common Files\<DIR> Java

[12/06/2006|08:06] C:\Program Files\Common Files\<DIR> Kodak

[12/26/2006|12:10] C:\Program Files\Common Files\<DIR> LightScribe

[08/24/2006|01:50] C:\Program Files\Common Files\<DIR> LS Getting Started

[11/01/2008|08:14] C:\Program Files\Common Files\<DIR> McAfee

[12/15/2008|08:50] C:\Program Files\Common Files\<DIR> Microsoft Shared

[11/14/2005|07:06] C:\Program Files\Common Files\<DIR> MSSoap

[08/24/2006|01:53] C:\Program Files\Common Files\<DIR> muvee Technologies

[12/15/2006|04:35] C:\Program Files\Common Files\<DIR> Nullsoft

[11/14/2005|07:06] C:\Program Files\Common Files\<DIR> ODBC

[08/24/2006|01:54] C:\Program Files\Common Files\<DIR> Palo Alto Software

[08/24/2006|01:43] C:\Program Files\Common Files\<DIR> Real

[05/20/2007|08:18] C:\Program Files\Common Files\<DIR> Roxio Shared

[10/29/2006|11:30] C:\Program Files\Common Files\<DIR> Scanner

[11/14/2005|07:06] C:\Program Files\Common Files\<DIR> Services

[12/26/2008|01:36] C:\Program Files\Common Files\<DIR> Software Update Utility

[05/13/2007|01:10] C:\Program Files\Common Files\<DIR> Sonic Shared

[11/14/2005|07:06] C:\Program Files\Common Files\<DIR> SpeechEngines

[10/29/2006|08:51] C:\Program Files\Common Files\<DIR> Symantec Shared

[12/17/2008|08:49] C:\Program Files\Common Files\<DIR> System

[08/24/2006|01:43] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 71 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrator@advertising[2].txt

C:\WINDOWS\Tasks\full12608.job

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

--------------------\\ Searching for other infections

C:\WINDOWS\system32\JPsDgfii.ini

C:\WINDOWS\system32\JPsDgfii.ini2

C:\WINDOWS\system32\iifgDsPJ.dll.vir

==> VUNDO <==

[F:208][D:21]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp

[F:154][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies

[F:1063][D:6]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Sun 02/15/2009|15:44 - Option : [1]

--------------------\\ Scan completed at 15:44:40