Jump to content

Real Antivirus Help


Ethan

Recommended Posts

Yea well recently, I have had a problem with a virus that leaves an annoying image on my desktop that I can't change. It also keeps doing popups. It also just recently closed MBAM on me while I was an hour into performing a full scan. Please help? Here is my most recent quickscan log from MBAM:

Malwarebytes' Anti-Malware 1.30

Database version: 1306

Windows 5.1.2600 Service Pack 2

1/14/2009 4:55:16 PM

mbam-log-2009-01-14 (16-55-16).txt

Scan type: Quick Scan

Objects scanned: 61727

Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---

And my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:02:44 PM, on 1/14/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\frmwrk32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\TeamViewer3\TeamViewer_Service.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\dmadmin.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\system32\ntdll64.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

c:\program files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

R3 - URLSearchHook: Yahoo!

Link to post
Share on other sites

Hi. :lol:

Download ComboFix from one of the locations below, and save it to your Desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Link to post
Share on other sites

First of all, hello, and thanks, I didn't think I'd get a reply :lol:.

Second, combofix did not produce a log for me, rather, it asked me to write 3 links down to my system32, and then proceeded to restart my computer which is the reason for my delay. The links are as follows:

C:\WINDOWS\system32\drivers\senekapjyobilm.sys

C:\WINDOWS\system32\senekapqyyouge.dll

C:\WINDOWS\system32\senekaxgoergsn.dll

And then as for HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:32, on 2009-01-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\frmwrk32.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\TeamViewer3\TeamViewer_Service.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\dmadmin.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\ntdll64.exe

c:\program files\Mozilla Firefox\firefox.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll

R3 - URLSearchHook: Yahoo!

Link to post
Share on other sites

I am sorry for the delay, however, bumping your topic 5 times in a day is over excessive. I don't spend all day posting on these forums, I am a volunteer. People sometimes wait a few days for assistance. I deleted your other topic.

Please delete your current copy of Combofix, download a new one, and see if it will run this time.

Link to post
Share on other sites

Ok it ran, and first of all, I'm sorry it's just that our family needs the computer all the time and this virus just kept getting worse. Sorry..

2nd off..

ComboFix 09-01-13.04 - HP_Administrator 2009-01-15 16:36:38.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.510 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: Norton 360 *On-access scanning disabled* (Outdated)

FW: Norton 360 *enabled*

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\HP_Administrator\Application Data\FunWebProducts

c:\documents and settings\HP_Administrator\Application Data\FunWebProducts\Data\HP_Administrator\avatar.dat

c:\documents and settings\HP_Administrator\Application Data\PPATCH~1

c:\documents and settings\HP_Administrator\err.log

c:\documents and settings\HP_Administrator\Favorites\SMS TRAP.url

c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat

c:\documents and settings\HP_Administrator\Start Menu\SMS TRAP.url

c:\program files\Common Files\fnts~1

c:\program files\tsks~1

c:\temp\0c2

c:\temp\0c2\tmpFF.log

c:\temp\brr

c:\temp\brr\tmpZTF.log

c:\temp\tn3

c:\windows\Downloaded Program Files\setup.inf

c:\windows\IE4 Error Log.txt

c:\windows\system32\ahhwypap.ini

c:\windows\system32\ahtn.htm

c:\windows\system32\amrqdsrj.ini

c:\windows\system32\auekqvex.ini

c:\windows\system32\bbeeg.bak1

c:\windows\system32\bbeeg.bak2

c:\windows\system32\bbeeg.ini

c:\windows\system32\bbeeg.ini2

c:\windows\system32\bbeeg.tmp

c:\windows\system32\biaygxrh.ini

c:\windows\system32\bplaxwgd.ini

c:\windows\system32\craausra.ini

c:\windows\system32\cwuioacb.ini

c:\windows\system32\cycjugmx.ini

c:\windows\system32\dbamimyi.ini

c:\windows\system32\dfgnjtup.ini

c:\windows\system32\drivers\npf.sys

c:\windows\system32\drivers\seneka.sys

c:\windows\system32\dumphive.exe

c:\windows\system32\dunhmcod.ini

c:\windows\system32\dviwroua.ini

c:\windows\system32\egkhfghq.ini

c:\windows\system32\frmwrk32.exe

c:\windows\system32\fsgmlcih.ini

c:\windows\system32\getfn32.dll

c:\windows\system32\imjrxdqe.ini

c:\windows\system32\ipqrknpg.ini

c:\windows\system32\istxncgh.ini

c:\windows\system32\ivwkkcpc.ini

c:\windows\system32\jhqcdkdh.ini

c:\windows\system32\juuwmruk.ini

c:\windows\system32\kwesbdjm.ini

c:\windows\system32\lchpupyb.tmp

c:\windows\system32\lchpupyb.tmp2

c:\windows\system32\liwogbta.ini

c:\windows\system32\lxdldkom.ini

c:\windows\system32\movbkuxx.ini

c:\windows\system32\norqgbqh.ini

c:\windows\system32\ntdll64.exe

c:\windows\system32\ofnruckc.ini

c:\windows\system32\Process.exe

c:\windows\system32\puceuvab.ini

c:\windows\system32\qegloeuq.ini

c:\windows\system32\qreaggir.ini

c:\windows\system32\rqjafnyd.ini

c:\windows\system32\rswiunjg.ini

c:\windows\system32\rvrawsey.ini

c:\windows\system32\seneka.dat

c:\windows\system32\senekadf.dat

c:\windows\system32\senekalog.dat

c:\windows\system32\shhfwhtv.ini

c:\windows\system32\SrchSTS.exe

c:\windows\system32\T1

c:\windows\system32\T11

c:\windows\system32\T3

c:\windows\system32\T5

c:\windows\system32\T7

c:\windows\system32\T9

c:\windows\system32\T9\wb720.exe

c:\windows\system32\test.ttt

c:\windows\system32\tkeaaxko.ini

c:\windows\system32\tmp.reg

c:\windows\system32\uniq.tll

c:\windows\system32\uywnkbpa.ini

c:\windows\system32\VCCLSID.exe

c:\windows\system32\vfbcucbw.ini

c:\windows\system32\vyobptus.ini

c:\windows\system32\warning.gif

c:\windows\system32\win

c:\windows\system32\win32hlp.cnf

c:\windows\system32\winpfz32.sys

c:\windows\system32\wjryeohq.ini

c:\windows\system32\WS2Fix.exe

c:\windows\system32\ximsuqau.ini

D:\Autorun.inf

Infected copy of c:\windows\system32\userinit.exe was found and disinfected

Restored copy from - c:\windows\system32\init32.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Service_NPF

-------\Service_seneka

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))

.

2009-01-15 14:48 . 2009-01-15 14:48 <DIR> d-------- c:\program files\Uniblue

2009-01-15 14:48 . 2009-01-15 14:48 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Uniblue

2009-01-15 14:47 . 2009-01-15 14:48 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2009-01-14 19:32 . 2009-01-14 19:32 0 --------- c:\program files\jre-6u11-windows-i586-p.exe

2009-01-14 17:02 . 2009-01-14 17:02 <DIR> d-------- c:\program files\Trend Micro

2009-01-14 16:07 . 2009-01-14 16:07 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Yahoo!

2009-01-14 16:05 . 2009-01-14 16:05 45,568 --------- c:\windows\system32\log.exe

2009-01-14 15:50 . 2009-01-14 15:50 24,064 --a------ c:\windows\system32\pcload.exe

2009-01-13 15:22 . 2009-01-13 15:24 <DIR> d-------- c:\program files\Virtual Earth 3D

2009-01-13 14:50 . 2009-01-13 14:50 61,224 --a------ c:\documents and settings\HP_Administrator\GoToAssistDownloadHelper.exe

2009-01-09 14:53 . 2009-01-09 14:53 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-08 20:02 . 2009-01-08 20:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts

2009-01-08 16:34 . 2009-01-08 16:34 <DIR> d-------- C:\GamersFirst

2009-01-04 10:32 . 2009-01-04 10:32 <DIR> d-------- c:\program files\Common Files\EasyInfo

2008-12-31 07:07 . 2008-12-31 07:07 268 --ah----- C:\sqmdata19.sqm

2008-12-31 07:07 . 2008-12-31 07:07 244 --ah----- C:\sqmnoopt19.sqm

2008-12-30 09:30 . 2008-12-30 09:30 21,446 --a------ c:\windows\system32\sf.ico

2008-12-30 09:30 . 2008-12-30 09:30 13,942 --a------ c:\windows\system32\m3.ico

2008-12-30 09:30 . 2008-12-30 09:30 3,097 --a------ c:\windows\ios.dat

2008-12-30 08:16 . 2008-12-30 08:16 268 --ah----- C:\sqmdata18.sqm

2008-12-30 08:16 . 2008-12-30 08:16 244 --ah----- C:\sqmnoopt18.sqm

2008-12-29 18:00 . 2008-12-29 18:00 268 --ah----- C:\sqmdata17.sqm

2008-12-29 18:00 . 2008-12-29 18:00 244 --ah----- C:\sqmnoopt17.sqm

2008-12-29 13:09 . 2008-12-29 13:09 268 --ah----- C:\sqmdata16.sqm

2008-12-29 13:09 . 2008-12-29 13:09 244 --ah----- C:\sqmnoopt16.sqm

2008-12-28 12:00 . 2008-12-28 12:00 268 --ah----- C:\sqmdata15.sqm

2008-12-28 12:00 . 2008-12-28 12:00 244 --ah----- C:\sqmnoopt15.sqm

2008-12-27 09:45 . 2008-12-27 09:45 268 --ah----- C:\sqmdata14.sqm

2008-12-27 09:45 . 2008-12-27 09:45 244 --ah----- C:\sqmnoopt14.sqm

2008-12-27 07:54 . 2008-12-27 07:54 268 --ah----- C:\sqmdata13.sqm

2008-12-27 07:54 . 2008-12-27 07:54 244 --ah----- C:\sqmnoopt13.sqm

2008-12-26 23:18 . 2008-12-26 23:18 268 --ah----- C:\sqmdata12.sqm

2008-12-26 23:18 . 2008-12-26 23:18 244 --ah----- C:\sqmnoopt12.sqm

2008-12-26 01:19 . 2008-12-26 01:19 268 --ah----- C:\sqmdata11.sqm

2008-12-26 01:19 . 2008-12-26 01:19 244 --ah----- C:\sqmnoopt11.sqm

2008-12-26 00:26 . 2008-12-26 00:26 268 --ah----- C:\sqmdata10.sqm

2008-12-26 00:26 . 2008-12-26 00:26 244 --ah----- C:\sqmnoopt10.sqm

2008-12-25 19:07 . 2008-12-25 19:07 268 --ah----- C:\sqmdata09.sqm

2008-12-25 19:07 . 2008-12-25 19:07 244 --ah----- C:\sqmnoopt09.sqm

2008-12-25 17:26 . 2008-12-25 17:26 <DIR> d-------- c:\program files\Ventrilo

2008-12-25 17:26 . 2008-12-25 17:26 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

2008-12-25 17:22 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys

2008-12-25 17:22 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\dllcache\usbaudio.sys

2008-12-24 14:59 . 2008-12-24 14:59 268 --ah----- C:\sqmdata08.sqm

2008-12-24 14:59 . 2008-12-24 14:59 244 --ah----- C:\sqmnoopt08.sqm

2008-12-24 11:08 . 2008-12-24 11:08 268 --ah----- C:\sqmdata07.sqm

2008-12-24 11:08 . 2008-12-24 11:08 244 --ah----- C:\sqmnoopt07.sqm

2008-12-23 21:43 . 2009-01-06 14:52 268 --ah----- C:\sqmdata06.sqm

2008-12-23 21:43 . 2009-01-06 14:52 244 --ah----- C:\sqmnoopt06.sqm

2008-12-23 18:01 . 2008-12-23 18:01 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\fizzy

2008-12-23 18:00 . 2008-12-23 18:00 <DIR> d--hs---- c:\windows\ftpcache

2008-12-23 18:00 . 2008-12-23 18:02 <DIR> d-------- c:\program files\SSIII Solo Ultratus

2008-12-23 16:05 . 2008-12-23 16:05 <DIR> d-------- c:\program files\Common Files\Download Manager

2008-12-23 15:46 . 2008-12-23 15:46 <DIR> d-------- c:\program files\ExeIco

2008-12-23 15:46 . 2008-12-23 15:46 22 --a------ c:\windows\system32\mseixml.sei

2008-12-23 15:46 . 2008-12-23 15:46 22 --a------ c:\windows\mseixml.sei

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-15 21:45 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-15 21:45 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Xfire

2009-01-15 19:31 --------- d-----w c:\program files\Xfire

2009-01-15 01:23 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-15 00:31 1,226 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.sdm

2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-13 22:24 18,778 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat

2009-01-11 20:58 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\BitTorrent

2009-01-11 20:15 --------- d-----w c:\program files\Game_Maker7

2009-01-10 22:42 --------- d-----w c:\program files\TeamViewer3

2009-01-09 19:53 --------- d-----w c:\program files\Java

2009-01-08 20:52 --------- d-----w c:\program files\Knight Online

2009-01-03 19:47 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Hamachi

2009-01-02 19:33 31 ----a-w c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat

2008-12-28 16:42 --------- d-----w c:\program files\Cheat Engine

2008-12-25 22:28 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Ventrilo

2008-12-25 22:25 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-23 00:51 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-14 13:38 --------- d-----w c:\program files\SourceTec

2008-12-14 13:38 --------- d-----w c:\program files\Common Files\SourceTec

2008-12-14 12:58 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\zweitgeist

2008-12-13 21:15 --------- d-----w c:\program files\Acoustica Shared Effects

2008-12-13 21:15 --------- d-----w c:\program files\Acoustica Mixcraft 4

2008-12-13 21:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Acoustica

2008-12-13 21:08 --------- d-----w c:\documents and settings\All Users\Application Data\Acoustica

2008-12-13 21:00 --------- d-----w c:\program files\Plugins

2008-12-13 02:09 --------- d-----w c:\program files\AnalogX

2008-12-13 02:03 --------- d-----w c:\program files\Micro Technology Unlimited

2008-12-07 14:59 --------- d-----w c:\program files\Rhapsody

2008-12-07 14:54 --------- d-----w c:\program files\Common Files\Real

2008-12-06 21:31 --------- d-----w c:\program files\VB5CCE

2008-11-30 20:23 --------- d-----w c:\program files\iTunes

2008-11-30 20:23 --------- d-----w c:\program files\iPod

2008-11-30 20:23 --------- d-----w c:\program files\Bonjour

2008-11-30 20:23 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-30 20:22 --------- d-----w c:\program files\QuickTime

2008-11-30 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-11-30 20:20 --------- d-----w c:\program files\Common Files\Apple

2008-11-30 20:20 --------- d-----w c:\program files\Apple Software Update

2008-11-30 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Apple

2008-11-30 18:05 --------- d-----w c:\program files\Misthalin-V1-Cache

2008-11-23 21:44 --------- d-----w c:\program files\American History

2008-11-23 13:01 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2008-11-23 12:58 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-22 21:43 --------- d-----w c:\program files\Unlocker

2008-11-21 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-18 21:40 --------- d-----w c:\program files\Enigma Software Group

2008-11-18 20:52 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2008-11-18 20:52 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-18 19:44 --------- d-----w c:\program files\GameSpy Arcade

2008-11-18 01:15 --------- d-----w c:\program files\AVG

2008-11-16 12:57 --------- d-----w c:\documents and settings\LocalService\Application Data\TeamViewer

2008-11-16 01:06 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\TeamViewer

2008-06-30 15:25 1,566,639 ----a-w c:\program files\TeamViewer3.zip

2008-01-15 20:57 40,767,663 ----a-w c:\program files\jdk-6u4-windows-x64.exe

2008-01-15 20:52 74,745,240 ----a-w c:\program files\jdk-6u4-windows-i586-p.exe

2008-01-15 01:19 16,885,128 ----a-w c:\program files\jre-1_5_0_14-windows-i586-p.exe

2007-12-28 16:39 68,830,616 ----a-w c:\program files\jdk-6u3-windows-i586-p.exe

2007-09-23 15:33 257,903 ----a-w c:\program files\skstp.zip

2007-08-19 17:50 774,144 ----a-w c:\program files\RngInterstitial.dll

2008-08-28 16:46 9,380,842 --sha-w c:\windows\system32\mmdm.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-07 3321856]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

"Fraps"="c:\fraps\FRAPS.EXE" [2008-01-14 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2006-02-19 49152]

"VerizonServicepoint.exe"="c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 1880064]

"Verizon Internet Security Suite"="c:\program files\Verizon\Verizon Internet Security Suite\Rps.exe" [2006-10-20 237568]

"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-01-13 864256]

"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]

"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=bwzrov.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

"msacm.avis"= ff_acm.acm

"vidc.MJPG"= m3jpeg32.dll

"vidc.dmb1"= m3jpeg32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^hamachi.lnk]

path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\hamachi.lnk

backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^IMVU.lnk]

path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\IMVU.lnk

backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^wkcalrem.LNK]

path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\wkcalrem.LNK

backup=c:\windows\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ugzsv]

c:\program files\T?sks\w?wexec.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 13:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

--a------ 2008-04-17 18:27 9117696 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 19:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

--a------ 2001-11-08 19:19 53248 c:\windows\system32\MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=

"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\ijji\\ENGLISH\\u_sf.exe"=

"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Outspark\\Blackshot\\System\\BlackShot.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"43594:TCP"= 43594:TCP:DragonzScap3

"587:TCP"= 587:TCP:RichScape

R4 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-16 24652]

S3 CEDRIVER53;CEDRIVER53;c:\program files\Cheat Engine\dbk32.sys [2007-07-27 35840]

S3 DBKDRVR54;DBKDRVR54;c:\program files\Cheat Engine\dbk32.sys [2007-07-27 35840]

S3 iCheat1;iCheat1;\??\c:\documents and settings\HP_Administrator\Desktop\EmertPackv2\ICHEAT\nvid999.sys --> c:\documents and settings\HP_Administrator\Desktop\EmertPackv2\ICHEAT\nvid999.sys [?]

S3 XDva013;XDva013;\??\c:\windows\system32\XDva013.sys --> c:\windows\system32\XDva013.sys [?]

S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys --> c:\windows\system32\XDva014.sys [?]

S3 XDva016;XDva016;\??\c:\windows\system32\XDva016.sys --> c:\windows\system32\XDva016.sys [?]

S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]

S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]

S3 XDva041;XDva041;\??\c:\windows\system32\XDva041.sys --> c:\windows\system32\XDva041.sys [?]

S3 XDva054;XDva054;\??\c:\windows\system32\XDva054.sys --> c:\windows\system32\XDva054.sys [?]

S3 XDva136;XDva136;\??\c:\windows\system32\XDva136.sys --> c:\windows\system32\XDva136.sys [?]

S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]

S4 OneStepSearch Service;OneStepSearch Service;"c:\program files\OneStep\onestep.exe" "c:\program files\OneStep\onestep.dll" Service --> c:\program files\OneStep\onestep.exe [?]

.

Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-15 c:\windows\Tasks\qqglxslg.job

- c:\windows\System32\rundll32.exe [2004-08-09 23:00]

2009-01-11 c:\windows\Tasks\rpc.job

- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []

.

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

BHO-{624C6684-8369-FFCD-1E64-F88DBC53D390} - c:\windows\system32\xkcvqgl.dll

BHO-{a093cab0-034e-4a28-a727-dd78798f2e6d} - c:\windows\system32\ivamvkg.dll

HKLM-Run-maxgkdcA - c:\windows\maxgkdcA.exe

HKLM-Run-{16-66-6F-F6-ZN} - c:\windows\system32\mrdsregs.exe

HKLM-Run-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe

HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe

HKLM-Run-RTHDCPL - RTHDCPL.EXE

HKLM-Run-AlwaysReady Power Message APP - ARPWRMSG.EXE

HKLM-Run-PCDrProfiler - (no file)

HKLM-Run-RegistryMechanic - (no file)

Notify-mdmm - mdmm.dll

MSConfigStartUp-mdmm - c:\windows\system32\mdmm.exe

MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\3.bin\mwsoemon.exe

MSConfigStartUp-Recorderzilla - c:\windows\system32\mdmm.exe

MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZU&fl=0&ptb=C29vPH1LssJYfHGWFRJHbw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

IE: &Search

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\>IMVU\Run IMVU.lnk

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\v976jou0.default\

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\v976jou0.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-15 16:45:45

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4255771109-3460474395-2991926762-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]

@DACL=(02 0000)

@="bootstrap.application.1"

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Verizon\Verizon Internet Security Suite\fws.exe

c:\windows\RTHDCPL.EXE

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Command Software\dvpapi.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\HPZipm12.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\ehome\ehmsas.exe

c:\windows\system32\dllhost.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Completion time: 2009-01-15 16:51:16 - machine was rebooted [HP_Administrator]

ComboFix-quarantined-files.txt 2009-01-15 21:51:13

Pre-Run: 73,982,300,160 bytes free

Post-Run: 81,241,579,520 bytes free

454 --- E O F --- 2008-12-18 00:03:13

And a hijack this log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:56:38 PM, on 1/15/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\TeamViewer3\TeamViewer_Service.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\dmadmin.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\notepad.exe

C:\WINDOWS\explorer.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\DISC\DiscStreamHub.exe

c:\program files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo!

Link to post
Share on other sites

Also, just out of curiosity, how did you get to learn all about how to fix your comp [like education wise] I've always been interested in it. And in the future, aside with my goal of becoming a game designer, I've wanted to make an antivirus or atleast understand the concept.

Link to post
Share on other sites

Do you know what this zip is?

c:\program files\skstp.zip

1. Please open Notepad

  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

c:\program files\jdk-6u4-windows-x64.exe

c:\program files\jdk-6u4-windows-i586-p.exe

c:\program files\jre-1_5_0_14-windows-i586-p.exe

c:\program files\jdk-6u3-windows-i586-p.exe

c:\windows\system32\sf.ico

c:\windows\system32\m3.ico

c:\windows\ios.dat

c:\windows\system32\mmdm.dat

c:\windows\system32\log.exe

c:\windows\system32\pcload.exe

c:\windows\Tasks\qqglxslg.job

Folder::

c:\documents and settings\HP_Administrator\Application Data\fizzy

c:\documents and settings\HP_Administrator\Application Data\zweitgeist

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ugzsv]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.
Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:30:15 PM, on 1/15/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Command Software\dvpapi.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\TeamViewer3\TeamViewer_Service.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\System32\dmadmin.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

c:\program files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo!

ComboFix.txt

ComboFix.txt

Link to post
Share on other sites

Yes, the sk something.zip is the folder I have for Visual Basic 6.0 setup [Visual Basic is .exe creation, etc.] I can delete it if you want, I don't need it anymore. On to the ComboFix.

ComboFix 09-01-13.04 - HP_Administrator 2009-01-15 17:21:42.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.540 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

AV: Norton 360 *On-access scanning disabled* (Outdated)

FW: Norton 360 *enabled*

* Created a new restore point

FILE ::

c:\program files\jdk-6u3-windows-i586-p.exe

c:\program files\jdk-6u4-windows-i586-p.exe

c:\program files\jdk-6u4-windows-x64.exe

c:\program files\jre-1_5_0_14-windows-i586-p.exe

c:\windows\ios.dat

c:\windows\system32\log.exe

c:\windows\system32\m3.ico

c:\windows\system32\mmdm.dat

c:\windows\system32\pcload.exe

c:\windows\system32\sf.ico

c:\windows\Tasks\qqglxslg.job

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\HP_Administrator\Application Data\fizzy

c:\documents and settings\HP_Administrator\Application Data\zweitgeist

c:\documents and settings\HP_Administrator\Application Data\zweitgeist\Hash.txt

c:\documents and settings\HP_Administrator\Application Data\zweitgeist\Install.log

c:\program files\jdk-6u3-windows-i586-p.exe

c:\program files\jdk-6u4-windows-i586-p.exe

c:\program files\jdk-6u4-windows-x64.exe

c:\program files\jre-1_5_0_14-windows-i586-p.exe

c:\windows\ios.dat

c:\windows\system32\log.exe

c:\windows\system32\m3.ico

c:\windows\system32\mmdm.dat

c:\windows\system32\pcload.exe

c:\windows\system32\sf.ico

c:\windows\Tasks\qqglxslg.job

.

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))

.

2009-01-15 14:48 . 2009-01-15 14:48 <DIR> d-------- c:\program files\Uniblue

2009-01-15 14:48 . 2009-01-15 14:48 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Uniblue

2009-01-15 14:47 . 2009-01-15 14:48 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2009-01-14 19:32 . 2009-01-14 19:32 0 --------- c:\program files\jre-6u11-windows-i586-p.exe

2009-01-14 17:02 . 2009-01-14 17:02 <DIR> d-------- c:\program files\Trend Micro

2009-01-14 16:07 . 2009-01-14 16:07 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Yahoo!

2009-01-13 15:22 . 2009-01-13 15:24 <DIR> d-------- c:\program files\Virtual Earth 3D

2009-01-13 14:50 . 2009-01-13 14:50 61,224 --a------ c:\documents and settings\HP_Administrator\GoToAssistDownloadHelper.exe

2009-01-09 14:53 . 2009-01-09 14:53 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-08 20:02 . 2009-01-08 20:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts

2009-01-08 16:34 . 2009-01-08 16:34 <DIR> d-------- C:\GamersFirst

2009-01-04 10:32 . 2009-01-04 10:32 <DIR> d-------- c:\program files\Common Files\EasyInfo

2008-12-31 07:07 . 2008-12-31 07:07 268 --ah----- C:\sqmdata19.sqm

2008-12-31 07:07 . 2008-12-31 07:07 244 --ah----- C:\sqmnoopt19.sqm

2008-12-30 08:16 . 2008-12-30 08:16 268 --ah----- C:\sqmdata18.sqm

2008-12-30 08:16 . 2008-12-30 08:16 244 --ah----- C:\sqmnoopt18.sqm

2008-12-29 18:00 . 2008-12-29 18:00 268 --ah----- C:\sqmdata17.sqm

2008-12-29 18:00 . 2008-12-29 18:00 244 --ah----- C:\sqmnoopt17.sqm

2008-12-29 13:09 . 2008-12-29 13:09 268 --ah----- C:\sqmdata16.sqm

2008-12-29 13:09 . 2008-12-29 13:09 244 --ah----- C:\sqmnoopt16.sqm

2008-12-28 12:00 . 2008-12-28 12:00 268 --ah----- C:\sqmdata15.sqm

2008-12-28 12:00 . 2008-12-28 12:00 244 --ah----- C:\sqmnoopt15.sqm

2008-12-27 09:45 . 2008-12-27 09:45 268 --ah----- C:\sqmdata14.sqm

2008-12-27 09:45 . 2008-12-27 09:45 244 --ah----- C:\sqmnoopt14.sqm

2008-12-27 07:54 . 2008-12-27 07:54 268 --ah----- C:\sqmdata13.sqm

2008-12-27 07:54 . 2008-12-27 07:54 244 --ah----- C:\sqmnoopt13.sqm

2008-12-26 23:18 . 2008-12-26 23:18 268 --ah----- C:\sqmdata12.sqm

2008-12-26 23:18 . 2008-12-26 23:18 244 --ah----- C:\sqmnoopt12.sqm

2008-12-26 01:19 . 2008-12-26 01:19 268 --ah----- C:\sqmdata11.sqm

2008-12-26 01:19 . 2008-12-26 01:19 244 --ah----- C:\sqmnoopt11.sqm

2008-12-26 00:26 . 2008-12-26 00:26 268 --ah----- C:\sqmdata10.sqm

2008-12-26 00:26 . 2008-12-26 00:26 244 --ah----- C:\sqmnoopt10.sqm

2008-12-25 19:07 . 2008-12-25 19:07 268 --ah----- C:\sqmdata09.sqm

2008-12-25 19:07 . 2008-12-25 19:07 244 --ah----- C:\sqmnoopt09.sqm

2008-12-25 17:26 . 2008-12-25 17:26 <DIR> d-------- c:\program files\Ventrilo

2008-12-25 17:26 . 2008-12-25 17:26 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

2008-12-25 17:22 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys

2008-12-25 17:22 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\dllcache\usbaudio.sys

2008-12-24 14:59 . 2008-12-24 14:59 268 --ah----- C:\sqmdata08.sqm

2008-12-24 14:59 . 2008-12-24 14:59 244 --ah----- C:\sqmnoopt08.sqm

2008-12-24 11:08 . 2008-12-24 11:08 268 --ah----- C:\sqmdata07.sqm

2008-12-24 11:08 . 2008-12-24 11:08 244 --ah----- C:\sqmnoopt07.sqm

2008-12-23 21:43 . 2009-01-06 14:52 268 --ah----- C:\sqmdata06.sqm

2008-12-23 21:43 . 2009-01-06 14:52 244 --ah----- C:\sqmnoopt06.sqm

2008-12-23 18:00 . 2008-12-23 18:00 <DIR> d--hs---- c:\windows\ftpcache

2008-12-23 18:00 . 2008-12-23 18:02 <DIR> d-------- c:\program files\SSIII Solo Ultratus

2008-12-23 16:05 . 2008-12-23 16:05 <DIR> d-------- c:\program files\Common Files\Download Manager

2008-12-23 15:46 . 2008-12-23 15:46 <DIR> d-------- c:\program files\ExeIco

2008-12-23 15:46 . 2008-12-23 15:46 22 --a------ c:\windows\system32\mseixml.sei

2008-12-23 15:46 . 2008-12-23 15:46 22 --a------ c:\windows\mseixml.sei

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-15 22:01 --------- d-----w c:\program files\Enigma Software Group

2009-01-15 21:45 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-15 21:45 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Xfire

2009-01-15 19:31 --------- d-----w c:\program files\Xfire

2009-01-15 01:23 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-15 00:31 1,226 ----a-w c:\program files\jre-6u11-windows-i586-p.exe.sdm

2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-13 22:24 18,778 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat

2009-01-11 20:58 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\BitTorrent

2009-01-11 20:15 --------- d-----w c:\program files\Game_Maker7

2009-01-10 22:42 --------- d-----w c:\program files\TeamViewer3

2009-01-09 19:53 --------- d-----w c:\program files\Java

2009-01-08 20:52 --------- d-----w c:\program files\Knight Online

2009-01-03 19:47 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Hamachi

2009-01-02 19:33 31 ----a-w c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat

2008-12-28 16:42 --------- d-----w c:\program files\Cheat Engine

2008-12-25 22:28 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Ventrilo

2008-12-25 22:25 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-23 00:51 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-14 13:38 --------- d-----w c:\program files\SourceTec

2008-12-14 13:38 --------- d-----w c:\program files\Common Files\SourceTec

2008-12-13 21:15 --------- d-----w c:\program files\Acoustica Shared Effects

2008-12-13 21:15 --------- d-----w c:\program files\Acoustica Mixcraft 4

2008-12-13 21:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Acoustica

2008-12-13 21:08 --------- d-----w c:\documents and settings\All Users\Application Data\Acoustica

2008-12-13 21:00 --------- d-----w c:\program files\Plugins

2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll

2008-12-13 02:09 --------- d-----w c:\program files\AnalogX

2008-12-13 02:03 --------- d-----w c:\program files\Micro Technology Unlimited

2008-12-11 20:37 42,320 ----a-w c:\windows\system32\xfcodec.dll

2008-12-07 14:59 --------- d-----w c:\program files\Rhapsody

2008-12-07 14:54 --------- d-----w c:\program files\Common Files\Real

2008-12-06 21:31 --------- d-----w c:\program files\VB5CCE

2008-11-30 20:23 --------- d-----w c:\program files\iTunes

2008-11-30 20:23 --------- d-----w c:\program files\iPod

2008-11-30 20:23 --------- d-----w c:\program files\Bonjour

2008-11-30 20:23 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-30 20:22 --------- d-----w c:\program files\QuickTime

2008-11-30 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-11-30 20:20 --------- d-----w c:\program files\Common Files\Apple

2008-11-30 20:20 --------- d-----w c:\program files\Apple Software Update

2008-11-30 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Apple

2008-11-30 18:05 --------- d-----w c:\program files\Misthalin-V1-Cache

2008-11-23 21:44 --------- d-----w c:\program files\American History

2008-11-23 13:01 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2008-11-23 12:58 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-22 21:43 --------- d-----w c:\program files\Unlocker

2008-11-21 20:17 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-18 20:52 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Malwarebytes

2008-11-18 20:52 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-18 19:44 --------- d-----w c:\program files\GameSpy Arcade

2008-11-18 01:15 --------- d-----w c:\program files\AVG

2008-11-16 12:57 --------- d-----w c:\documents and settings\LocalService\Application Data\TeamViewer

2008-11-16 01:06 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\TeamViewer

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll

2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll

2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll

2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll

2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll

2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll

2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe

2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll

2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe

2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe

2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll

2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe

2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll

2008-06-30 15:25 1,566,639 ----a-w c:\program files\TeamViewer3.zip

2007-09-23 15:33 257,903 ----a-w c:\program files\skstp.zip

2007-08-19 17:50 774,144 ----a-w c:\program files\RngInterstitial.dll

.

((((((((((((((((((((((((((((( snapshot@2009-01-15_16.50.29.38 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-07 3321856]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]

"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]

"Fraps"="c:\fraps\FRAPS.EXE" [2008-01-14 913064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2006-02-19 49152]

"VerizonServicepoint.exe"="c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe" [2006-02-01 1880064]

"Verizon Internet Security Suite"="c:\program files\Verizon\Verizon Internet Security Suite\Rps.exe" [2006-10-20 237568]

"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-02-27 45056]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]

"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-12-11 2990416]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=bwzrov.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

"msacm.avis"= ff_acm.acm

"vidc.MJPG"= m3jpeg32.dll

"vidc.dmb1"= m3jpeg32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^hamachi.lnk]

path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\hamachi.lnk

backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^IMVU.lnk]

path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\IMVU.lnk

backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^wkcalrem.LNK]

path=c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\wkcalrem.LNK

backup=c:\windows\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-10-18 13:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]

--a------ 2008-04-17 18:27 9117696 c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 19:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

--a------ 2001-11-08 19:19 53248 c:\windows\system32\MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=

"c:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\ijji\\ENGLISH\\u_sf.exe"=

"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=

"c:\\Program Files\\Xfire\\xfire.exe"=

"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"c:\\Nexon\\Combat Arms\\NMService.exe"=

"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=

"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Outspark\\Blackshot\\System\\BlackShot.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"43594:TCP"= 43594:TCP:DragonzScap3

"587:TCP"= 587:TCP:RichScape

R4 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]

R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-02-16 24652]

S3 CEDRIVER53;CEDRIVER53;c:\program files\Cheat Engine\dbk32.sys [2007-07-27 35840]

S3 DBKDRVR54;DBKDRVR54;c:\program files\Cheat Engine\dbk32.sys [2007-07-27 35840]

S3 iCheat1;iCheat1;\??\c:\documents and settings\HP_Administrator\Desktop\EmertPackv2\ICHEAT\nvid999.sys --> c:\documents and settings\HP_Administrator\Desktop\EmertPackv2\ICHEAT\nvid999.sys [?]

S3 XDva013;XDva013;\??\c:\windows\system32\XDva013.sys --> c:\windows\system32\XDva013.sys [?]

S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys --> c:\windows\system32\XDva014.sys [?]

S3 XDva016;XDva016;\??\c:\windows\system32\XDva016.sys --> c:\windows\system32\XDva016.sys [?]

S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]

S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]

S3 XDva041;XDva041;\??\c:\windows\system32\XDva041.sys --> c:\windows\system32\XDva041.sys [?]

S3 XDva054;XDva054;\??\c:\windows\system32\XDva054.sys --> c:\windows\system32\XDva054.sys [?]

S3 XDva136;XDva136;\??\c:\windows\system32\XDva136.sys --> c:\windows\system32\XDva136.sys [?]

S3 XDva208;XDva208;\??\c:\windows\system32\XDva208.sys --> c:\windows\system32\XDva208.sys [?]

S4 OneStepSearch Service;OneStepSearch Service;"c:\program files\OneStep\onestep.exe" "c:\program files\OneStep\onestep.dll" Service --> c:\program files\OneStep\onestep.exe [?]

.

Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-11 c:\windows\Tasks\rpc.job

- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZU&fl=0&ptb=C29vPH1LssJYfHGWFRJHbw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

IE: &Search

IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Administrator\Start Menu\Programs\>IMVU\Run IMVU.lnk

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\v976jou0.default\

FF - component: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\v976jou0.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-15 17:23:58

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4255771109-3460474395-2991926762-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]

@DACL=(02 0000)

@="bootstrap.application.1"

.

Completion time: 2009-01-15 17:27:04

ComboFix-quarantined-files.txt 2009-01-15 22:25:46

ComboFix2.txt 2009-01-15 21:51:16

Pre-Run: 81,224,814,592 bytes free

Post-Run: 81,007,366,144 bytes free

356 --- E O F --- 2008-12-18 00:03:13

Link to post
Share on other sites

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 3800+ )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : HP_Administrator ( Administrator )

BOOT : Normal boot

Antivirus : Norton 360 2007 (Not Activated)

Firewall : Norton 360 2007 (Activated)

C:\ (Local Disk) - NTFS - Total:177 Go (Free:75 Go)

D:\ (Local Disk) - FAT32 - Total:8 Go (Free:0 Go)

E:\ (CD or DVD)

G:\ (USB)

H:\ (USB)

I:\ (USB)

J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( Thu 01/15/2009|17:45 )

--------------------\\ Listing folders in APPLIC~1

[11/14/2005|08:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities

[11/15/2006|04:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intuit

[11/23/2008|08:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[11/15/2006|04:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Real

[11/30/2008|03:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[01/15/2009|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

[12/13/2008|04:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Acoustica

[11/03/2008|04:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe

[11/03/2008|04:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems

[04/18/2008|05:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL

[06/13/2007|05:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads

[01/31/2007|03:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP

[11/30/2008|03:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple

[11/30/2008|03:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer

[11/23/2008|08:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8

[11/15/2006|04:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Digital Interactive Systems Corporation

[01/08/2009|08:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Electronic Arts

[07/26/2007|05:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google

[11/15/2006|04:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard

[01/15/2007|07:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP

[09/19/2008|05:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IJJIGame

[11/15/2006|04:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield

[11/15/2006|04:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit

[06/06/2008|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> JCreator

[11/18/2008|03:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes

[06/25/2008|03:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft

[09/23/2007|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help

[09/11/2008|05:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NexonUS

[04/10/2008|06:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles

[12/20/2007|03:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage

[11/15/2006|04:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI

[11/15/2006|04:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic

[02/28/2008|06:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony

[11/21/2008|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy

[02/28/2008|11:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SwiftKit

[07/26/2007|05:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SwiftSwitch

[08/19/2007|11:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec

[09/01/2008|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TechSmith

[01/15/2009|04:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP

[08/19/2007|12:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia

[12/25/2007|07:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ulead Systems

[04/04/2007|04:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Verizon

[04/18/2008|05:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint

[11/15/2006|04:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent

[06/19/2007|09:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[08/19/2007|06:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Winferno

[06/25/2008|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller

[01/21/2008|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> YAHOO

[04/17/2008|06:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!

[04/18/2008|06:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[11/14/2005|08:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities

[11/15/2006|04:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intuit

[11/15/2006|04:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[11/15/2006|04:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Real

[08/27/2008|05:58] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> .purple

[01/31/2007|03:39] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> acccore

[12/13/2008|04:15] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Acoustica

[01/13/2009|04:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Adobe

[01/21/2007|03:01] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> AdobeUM

[06/11/2007|10:44] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> AIM

[09/23/2007|05:36] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Allume Systems

[01/21/2007|12:19] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Apple Computer

[11/06/2007|12:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> bang

[09/23/2007|12:27] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> BearShare

[01/11/2009|03:58] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> BitTorrent

[03/12/2008|02:05] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> BitTorrent DNA

[09/23/2007|10:46] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> BYOND

[09/04/2008|06:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> DNA

[06/27/2007|11:28] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Google

[08/27/2008|08:43] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> gtk-2.0

[01/03/2009|02:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Hamachi

[01/16/2007|03:32] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Help

[01/15/2007|07:23] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> HP

[01/15/2007|10:22] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> HPQ

[11/14/2005|08:04] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Identities

[09/19/2008|07:27] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> ijjigame

[06/16/2007|07:14] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> IMVU

[06/19/2007|10:25] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> InstallShield

[12/25/2007|07:05] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> InterTrust

[11/15/2006|04:27] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Intuit

[06/06/2008|04:42] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> JCreator

[09/07/2007|07:25] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Leadertech

[01/15/2007|06:47] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Macromedia

[11/18/2008|03:52] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Malwarebytes

[01/13/2009|03:26] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Microsoft

[08/20/2008|11:27] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Mozilla

[02/09/2008|09:24] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> MSNInstaller

[05/02/2008|05:17] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> MySpace

[06/27/2008|01:12] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> NetMedia Providers

[11/19/2007|05:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Nexon

[03/21/2008|07:08] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Publish Providers

[12/07/2008|09:54] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Real

[10/29/2007|04:13] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> SecuROM

[09/30/2007|05:01] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Sonic

[07/10/2008|12:44] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Sony

[08/18/2008|12:05] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Subversion

[01/18/2007|04:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Sun

[06/27/2007|01:03] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Symantec

[04/30/2008|07:21] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> TeamViewer

[01/15/2007|07:41] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Template

[01/21/2008|09:24] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> TrojanHunter

[03/22/2008|07:42] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Ulead Systems

[01/15/2009|02:48] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Uniblue

[12/25/2008|05:28] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Ventrilo

[04/04/2007|04:43] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Verizon

[01/31/2007|04:00] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Viewpoint

[09/29/2007|05:38] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> WinRAR

[01/15/2009|04:45] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Xfire

[01/21/2008|09:07] C:\DOCUME~1\HP_ADM~1\APPLIC~1\<DIR> Yahoo!

[11/23/2008|08:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[09/20/2008|05:20] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla

[11/16/2008|07:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> TeamViewer

[07/19/2008|12:18] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Xfire

[11/23/2008|08:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[08/02/2008|10:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Xfire

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/14/2009 09:08 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[01/11/2009 09:00 AM][--a------] C:\WINDOWS\tasks\rpc.job

[01/15/2009 05:25 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT

[08/10/2004 06:00 AM][-rah-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[07/10/2008|06:25] C:\Program Files\<DIR> Abyssal_Legion

[06/27/2008|02:12] C:\Program Files\<DIR> Acoustica Beatcraft

[12/13/2008|04:15] C:\Program Files\<DIR> Acoustica Mixcraft 4

[12/13/2008|04:15] C:\Program Files\<DIR> Acoustica Shared Effects

[11/03/2008|04:54] C:\Program Files\<DIR> Adobe

[06/11/2007|10:44] C:\Program Files\<DIR> AIM

[04/18/2008|05:26] C:\Program Files\<DIR> AIM6

[11/23/2008|04:44] C:\Program Files\<DIR> American History

[12/12/2008|09:09] C:\Program Files\<DIR> AnalogX

[04/18/2008|05:25] C:\Program Files\<DIR> AOL

[11/30/2008|03:20] C:\Program Files\<DIR> Apple Software Update

[11/03/2008|06:55] C:\Program Files\<DIR> AssaultCube

[11/17/2008|08:15] C:\Program Files\<DIR> AVG

[06/19/2007|05:48] C:\Program Files\<DIR> AWClient

[09/23/2007|12:27] C:\Program Files\<DIR> BearShare Applications

[09/23/2007|10:21] C:\Program Files\<DIR> BitTorrent

[03/12/2008|02:05] C:\Program Files\<DIR> BitTorrent_DNA

[01/08/2008|01:07] C:\Program Files\<DIR> BlazeScape

[11/30/2008|03:23] C:\Program Files\<DIR> Bonjour

[08/19/2007|12:35] C:\Program Files\<DIR> BoontyGames

[08/31/2007|01:43] C:\Program Files\<DIR> BYOND

[12/04/2007|06:22] C:\Program Files\<DIR> CDBurnerXP

[12/28/2008|11:42] C:\Program Files\<DIR> Cheat Engine

[01/15/2009|05:22] C:\Program Files\<DIR> Common Files

[11/11/2005|05:56] C:\Program Files\<DIR> ComPlus Applications

[07/10/2008|06:25] C:\Program Files\<DIR> Conduit

[11/15/2006|04:06] C:\Program Files\<DIR> CONEXANT

[05/08/2007|07:51] C:\Program Files\<DIR> Datel

[09/08/2007|01:50] C:\Program Files\<DIR> directx

[11/07/2007|07:09] C:\Program Files\<DIR> DISC

[09/21/2007|02:27] C:\Program Files\<DIR> DivX

[08/30/2008|05:01] C:\Program Files\<DIR> DNA

[12/25/2007|07:04] C:\Program Files\<DIR> DSC_Program

[10/29/2007|04:00] C:\Program Files\<DIR> EA GAMES

[08/02/2008|07:23] C:\Program Files\<DIR> Electronic Arts

[09/08/2007|01:49] C:\Program Files\<DIR> Empire Interactive

[11/15/2006|03:45] C:\Program Files\<DIR> EnglishOtto

[01/15/2009|05:01] C:\Program Files\<DIR> Enigma Software Group

[06/11/2008|05:40] C:\Program Files\<DIR> euro gunz beta 6

[12/23/2008|03:46] C:\Program Files\<DIR> ExeIco

[08/02/2008|10:34] C:\Program Files\<DIR> ffdshow

[08/19/2007|07:05] C:\Program Files\<DIR> Freeze.com Toolbar

[08/27/2008|07:51] C:\Program Files\<DIR> Fun Web Products

[12/28/2007|11:07] C:\Program Files\<DIR> FunScape

[11/06/2008|07:44] C:\Program Files\<DIR> Future Pinball

[01/11/2009|03:15] C:\Program Files\<DIR> Game_Maker7

[11/18/2008|02:44] C:\Program Files\<DIR> GameSpy Arcade

[11/15/2006|03:45] C:\Program Files\<DIR> GemMaster

[08/23/2007|07:46] C:\Program Files\<DIR> Global Star Software

[08/21/2007|02:52] C:\Program Files\<DIR> GlobalStar Software

[01/25/2008|01:29] C:\Program Files\<DIR> GnuWin32

[03/07/2008|06:39] C:\Program Files\<DIR> Google

[02/22/2008|07:35] C:\Program Files\<DIR> Hamachi

[11/15/2006|04:38] C:\Program Files\<DIR> Hewlett-Packard

[09/21/2007|02:33] C:\Program Files\<DIR> HP

[11/15/2006|04:15] C:\Program Files\<DIR> HP DigitalMedia Archive

[09/21/2007|02:30] C:\Program Files\<DIR> HP Games

[08/04/2008|02:50] C:\Program Files\<DIR> HypCam 2

[12/22/2008|07:51] C:\Program Files\<DIR> InstallShield Installation Information

[01/14/2009|08:31] C:\Program Files\<DIR> Internet Explorer

[11/30/2008|03:23] C:\Program Files\<DIR> iPod

[11/30/2008|03:23] C:\Program Files\<DIR> iTunes

[01/09/2009|02:53] C:\Program Files\<DIR> Java

[01/08/2009|03:52] C:\Program Files\<DIR> Knight Online

[11/06/2008|03:55] C:\Program Files\<DIR> LimeWire

[01/14/2009|08:23] C:\Program Files\<DIR> Malwarebytes' Anti-Malware

[08/15/2008|07:25] C:\Program Files\<DIR> Messenger

[12/12/2008|09:03] C:\Program Files\<DIR> Micro Technology Unlimited

[06/28/2008|05:00] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2

[07/26/2007|08:08] C:\Program Files\<DIR> microsoft frontpage

[11/24/2007|12:48] C:\Program Files\<DIR> Microsoft Games

[11/15/2006|04:23] C:\Program Files\<DIR> Microsoft Money 2006

[09/23/2007|12:49] C:\Program Files\<DIR> Microsoft Office

[10/20/2008|10:22] C:\Program Files\<DIR> Microsoft Silverlight

[02/28/2008|06:58] C:\Program Files\<DIR> Microsoft SQL Server

[09/23/2007|12:50] C:\Program Files\<DIR> Microsoft Visual Studio 8

[05/03/2008|07:11] C:\Program Files\<DIR> Microsoft Works

[09/23/2007|12:49] C:\Program Files\<DIR> Microsoft.NET

[11/30/2008|01:05] C:\Program Files\<DIR> Misthalin-V1-Cache

[02/15/2008|02:16] C:\Program Files\<DIR> MoparScape

[08/02/2008|10:59] C:\Program Files\<DIR> Morgan

[02/13/2008|07:41] C:\Program Files\<DIR> Movie Maker

[01/15/2009|05:29] C:\Program Files\<DIR> Mozilla Firefox

[02/09/2008|09:24] C:\Program Files\<DIR> MSN

[11/15/2006|04:23] C:\Program Files\<DIR> MSN Encarta Standard

[11/14/2005|08:07] C:\Program Files\<DIR> MSN Gaming Zone

[01/23/2007|03:57] C:\Program Files\<DIR> MSXML 4.0

[11/15/2006|04:14] C:\Program Files\<DIR> music_now

[11/15/2006|04:26] C:\Program Files\<DIR> muvee Technologies

[08/19/2007|12:35] C:\Program Files\<DIR> My Downloaded Games

[05/02/2008|05:17] C:\Program Files\<DIR> MySpace

[11/14/2005|08:07] C:\Program Files\<DIR> NetMeeting

[11/15/2006|04:14] C:\Program Files\<DIR> Netscape

[10/01/2008|03:42] C:\Program Files\<DIR> NewBlue

[05/24/2008|05:52] C:\Program Files\<DIR> NHN USA

[06/30/2008|10:03] C:\Program Files\<DIR> No-IP

[07/25/2007|07:35] C:\Program Files\<DIR> Norton 360

[11/15/2006|04:40] C:\Program Files\<DIR> Online Services

[06/12/2007|08:06] C:\Program Files\<DIR> Outlook Express

[10/03/2008|02:37] C:\Program Files\<DIR> Outspark

[06/14/2008|09:04] C:\Program Files\<DIR> Paint.NET

[11/15/2006|04:36] C:\Program Files\<DIR> PC-Doctor for DOS

[08/27/2008|08:28] C:\Program Files\<DIR> Pidgin

[12/13/2008|04:00] C:\Program Files\<DIR> Plugins

[10/07/2007|06:26] C:\Program Files\<DIR> Prima Games

[12/18/2007|10:10] C:\Program Files\<DIR> Quick Memory Editor

[11/15/2006|04:27] C:\Program Files\<DIR> Quicken

[11/30/2008|03:22] C:\Program Files\<DIR> QuickTime

[08/19/2007|12:50] C:\Program Files\<DIR> Real

[06/18/2007|02:06] C:\Program Files\<DIR> ReflexiveArcade

[12/04/2007|06:06] C:\Program Files\<DIR> Registry Mechanic

[09/21/2007|03:09] C:\Program Files\<DIR> Required

[12/07/2008|09:59] C:\Program Files\<DIR> Rhapsody

[04/07/2008|06:12] C:\Program Files\<DIR> Rockstar Games

[12/18/2007|10:10] C:\Program Files\<DIR> SCAR 2.03

[09/23/2007|10:37] C:\Program Files\<DIR> skstp

[11/15/2006|04:20] C:\Program Files\<DIR> Sonic

[06/27/2008|01:07] C:\Program Files\<DIR> Sony

[06/27/2008|01:07] C:\Program Files\<DIR> Sony Setup

[12/14/2008|08:38] C:\Program Files\<DIR> SourceTec

[11/23/2008|07:58] C:\Program Files\<DIR> Spybot - Search & Destroy

[12/23/2008|06:02] C:\Program Files\<DIR> SSIII Solo Ultratus

[09/01/2007|10:31] C:\Program Files\<DIR> Stick RPG

[01/25/2008|05:15] C:\Program Files\<DIR> Sun

[02/28/2008|11:51] C:\Program Files\<DIR> SwiftKit

[08/19/2007|07:06] C:\Program Files\<DIR> SwiftSwitch

[01/10/2009|05:42] C:\Program Files\<DIR> TeamViewer3

[09/01/2008|07:57] C:\Program Files\<DIR> TechSmith

[06/09/2007|04:59] C:\Program Files\<DIR> The Lounge

[08/19/2007|07:07] C:\Program Files\<DIR> The Weather Channel FW

[11/06/2007|12:21] C:\Program Files\<DIR> Three Rings Design

[07/10/2008|06:25] C:\Program Files\<DIR> tjscape

[01/14/2009|05:02] C:\Program Files\<DIR> Trend Micro

[01/21/2008|01:57] C:\Program Files\<DIR> TrojanHunter 5.0

[08/22/2007|07:42] C:\Program Files\<DIR> Trymedia

[12/25/2007|07:02] C:\Program Files\<DIR> Ulead Systems

[01/15/2009|02:48] C:\Program Files\<DIR> Uniblue

[02/28/2008|06:59] C:\Program Files\<DIR> Uninstall Information

[11/22/2008|04:43] C:\Program Files\<DIR> Unlocker

[11/15/2006|04:30] C:\Program Files\<DIR> Updates from HP

[12/06/2008|04:31] C:\Program Files\<DIR> VB5CCE

[12/25/2008|05:26] C:\Program Files\<DIR> Ventrilo

[04/04/2007|04:37] C:\Program Files\<DIR> Verizon

[04/02/2007|08:07] C:\Program Files\<DIR> Viewpoint

[01/13/2009|03:24] C:\Program Files\<DIR> Virtual Earth 3D

[06/27/2007|10:24] C:\Program Files\<DIR> Virtual Villagers 2

[02/28/2008|06:57] C:\Program Files\<DIR> Vstplugins

[10/09/2008|05:47] C:\Program Files\<DIR> WatchMeWare

[11/15/2006|04:16] C:\Program Files\<DIR> WildTangent

[06/25/2008|03:04] C:\Program Files\<DIR> Windows Live

[09/23/2007|01:48] C:\Program Files\<DIR> Windows Media Connect 2

[09/23/2007|01:51] C:\Program Files\<DIR> Windows Media Player

[11/14/2005|08:07] C:\Program Files\<DIR> Windows NT

[11/14/2005|08:08] C:\Program Files\<DIR> Windows Plus

[11/11/2005|05:56] C:\Program Files\<DIR> WindowsUpdate

[12/02/2007|04:07] C:\Program Files\<DIR> WinRAR

[12/18/2007|10:12] C:\Program Files\<DIR> World of Pirates

[11/14/2005|08:08] C:\Program Files\<DIR> xerox

[01/15/2009|02:31] C:\Program Files\<DIR> Xfire

[06/06/2008|04:42] C:\Program Files\<DIR> Xinox Software

[04/17/2008|06:14] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/03/2008|04:52] C:\Program Files\Common Files\<DIR> Adobe

[11/03/2008|04:50] C:\Program Files\Common Files\<DIR> Adobe Systems Shared

[01/31/2007|05:38] C:\Program Files\Common Files\<DIR> AOL

[11/30/2008|03:20] C:\Program Files\Common Files\<DIR> Apple

[04/04/2007|04:38] C:\Program Files\Common Files\<DIR> Command Software

[09/23/2007|12:49] C:\Program Files\Common Files\<DIR> Designer

[10/03/2008|02:48] C:\Program Files\Common Files\<DIR> DirectX

[12/23/2008|04:05] C:\Program Files\Common Files\<DIR> Download Manager

[01/04/2009|10:32] C:\Program Files\Common Files\<DIR> EasyInfo

[10/01/2008|03:42] C:\Program Files\Common Files\<DIR> eSellerate

[08/27/2008|08:27] C:\Program Files\Common Files\<DIR> GTK

[11/15/2006|04:10] C:\Program Files\Common Files\<DIR> HP

[06/02/2008|03:21] C:\Program Files\Common Files\<DIR> INCA Shared

[11/15/2006|04:37] C:\Program Files\Common Files\<DIR> InstallShield

[11/15/2006|04:27] C:\Program Files\Common Files\<DIR> Intuit

[11/15/2006|03:50] C:\Program Files\Common Files\<DIR> Java

[11/15/2006|04:21] C:\Program Files\Common Files\<DIR> LightScribe

[11/15/2006|04:21] C:\Program Files\Common Files\<DIR> LS Getting Started

[12/06/2008|04:31] C:\Program Files\Common Files\<DIR> Microsoft Shared

[11/14/2005|08:06] C:\Program Files\Common Files\<DIR> MSSoap

[11/15/2006|04:25] C:\Program Files\Common Files\<DIR> muvee Technologies

[01/31/2007|03:38] C:\Program Files\Common Files\<DIR> Nullsoft

[11/14/2005|08:06] C:\Program Files\Common Files\<DIR> ODBC

[11/15/2006|04:27] C:\Program Files\Common Files\<DIR> Palo Alto Software

[04/04/2007|04:39] C:\Program Files\Common Files\<DIR> PestPatrol

[12/07/2008|09:54] C:\Program Files\Common Files\<DIR> Real

[11/14/2005|08:06] C:\Program Files\Common Files\<DIR> Services

[11/15/2006|04:15] C:\Program Files\Common Files\<DIR> Sonic Shared

[12/14/2008|08:38] C:\Program Files\Common Files\<DIR> SourceTec

[11/14/2005|08:06] C:\Program Files\Common Files\<DIR> SpeechEngines

[01/21/2008|09:06] C:\Program Files\Common Files\<DIR> SureThing Shared

[12/08/2007|11:36] C:\Program Files\Common Files\<DIR> SWF Studio

[08/19/2007|11:27] C:\Program Files\Common Files\<DIR> Symantec Shared

[06/12/2007|08:06] C:\Program Files\Common Files\<DIR> System

[09/01/2008|07:57] C:\Program Files\Common Files\<DIR> TechSmith Shared

[11/15/2006|04:20] C:\Program Files\Common Files\<DIR> TiVo Shared

[12/25/2007|07:02] C:\Program Files\Common Files\<DIR> Ulead Systems

[06/25/2008|03:04] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

[12/25/2008|05:25] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 55 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrator@advertising[2].txt

C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrator@game-advertising-online[1].txt

C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrator@adopt.euroclick[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-15 17:46:15

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 47

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HP_ADM~1\Application Data\BitTorrent\Keygen.exe.torrent

C:\DOCUME~1\HP_ADM~1\Application Data\BitTorrent\Sony Vegas 7.0D KEYGEN.torrent

C:\DOCUME~1\HP_ADM~1\Desktop\DeskTop Folders\My Desktop\Desktop 2\Keygen.exe

C:\DOCUME~1\HP_ADM~1\Desktop\DeskTop Folders\NewBlueArtEffects\Crack

C:\DOCUME~1\HP_ADM~1\Desktop\DeskTop Folders\NewBlueArtEffects\Crack\ArtEffectsVegas.dll

C:\DOCUME~1\HP_ADM~1\Desktop\DeskTop Folders\NewBlueArtEffects\Crack\NewBlue.nfo

C:\DOCUME~1\HP_ADM~1\Desktop\DeskTop Folders\NewBlueArtEffects\Crack\Serial.reg

C:\DOCUME~1\HP_ADM~1\My Documents\Downloads\Keygen.exe

C:\DOCUME~1\HP_ADM~1\My Documents\Downloads\Sony Vegas 7.0D KEYGEN

C:\DOCUME~1\HP_ADM~1\My Documents\Downloads\Sony Vegas 7.0D KEYGEN\keygen.exe

C:\DOCUME~1\HP_ADM~1\My Documents\Downloads\Sony Vegas 7.0D KEYGEN\Uploaded by Christley.txt

C:\DOCUME~1\HP_ADM~1\My Documents\HypCam\Crack

C:\DOCUME~1\HP_ADM~1\My Documents\HypCam\Crack\agreement.txt

C:\DOCUME~1\HP_ADM~1\My Documents\HypCam\Crack\CamRes2.dll

C:\DOCUME~1\HP_ADM~1\My Documents\HypCam\Crack\HyCam2.chm

C:\DOCUME~1\HP_ADM~1\My Documents\HypCam\Crack\HyCam2.exe

C:\DOCUME~1\HP_ADM~1\My Documents\HypCam\Crack\HyCam2.hc2lic

C:\DOCUME~1\HP_ADM~1\My Documents\HypCam\Crack\MClick2.dll

C:\DOCUME~1\HP_ADM~1\My Documents\HypCam\Crack\readme.txt

C:\DOCUME~1\HP_ADM~1\My Documents\HypCam\Crack\Torrent downloaded from Demonoid.com.txt

C:\DOCUME~1\HP_ADM~1\My Documents\My Music\iTunes\iTunes Music\The Union Underground\_..An Education In Rebellion\05 Until You Crack.m4a

C:\DOCUME~1\HP_ADM~1\Recent\Crack.lnk

[F:1][D:1]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp

[F:180][D:0]-> C:\DOCUME~1\HP_ADM~1\Cookies

[F:2][D:0]-> C:\DOCUME~1\HP_ADM~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 01/15/2009|17:46 - Option : [1]

--------------------\\ Scan completed at 17:46:58

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.