Help--My cot of control. The mouse has it's own mind!

Started by tcrene, May 26, 2010, 12:58:39 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

tcrene

May 26, 2010, 12:58:39 AM
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/05/25 19:52
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xF8597000   Size: 57344   File Visible: -   Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF83F8000   Size: 187776   File Visible: -   Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000   Size: 2066816   File Visible: -   Signed: -
Status: -

Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF8943000   Size: 11648   File Visible: -   Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEF2D0000   Size: 138496   File Visible: -   Signed: -
Status: -

Name: aliide.sys
Image Path: aliide.sys
Address: 0xF8A2F000   Size: 5248   File Visible: -   Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xF8757000   Size: 60800   File Visible: -   Signed: -
Status: -

Name: asyncmac.sys
Image Path: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Address: 0xEC3B5000   Size: 14336   File Visible: -   Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF836C000   Size: 96512   File Visible: -   Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA18000   Size: 237568   File Visible: -   Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D6000   Size: 270336   File Visible: -   Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF793F000   Size: 1470464   File Visible: -   Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBFA88000   Size: 2519040   File Visible: -   Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBFA52000   Size: 221184   File Visible: -   Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBFCEF000   Size: 1105920   File Visible: -   Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000   Size: 286720   File Visible: -   Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF8C51000   Size: 3072   File Visible: -   Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xEF0F6000   Size: 328576   File Visible: -   Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xF87EF000   Size: 21120   File Visible: -   Signed: -
Status: -

Name: avgtdix.sys
Image Path: C:\WINDOWS\System32\Drivers\avgtdix.sys
Address: 0xEF31A000   Size: 101888   File Visible: -   Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF893F000   Size: 16384   File Visible: -   Signed: -
Status: -

Name: bcmwl5.sys
Image Path: C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
Address: 0xF784D000   Size: 424320   File Visible: -   Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF8A65000   Size: 4224   File Visible: -   Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF8937000   Size: 12288   File Visible: -   Signed: -
Status: -

Name: camc6aud.sys
Image Path: C:\WINDOWS\system32\drivers\camc6aud.sys
Address: 0xF8657000   Size: 38016   File Visible: -   Signed: -
Status: -

Name: camc6hal.sys
Image Path: C:\WINDOWS\system32\drivers\camc6hal.sys
Address: 0xF77A7000   Size: 349312   File Visible: -   Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xEC0D1000   Size: 63744   File Visible: -   Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF8607000   Size: 62976   File Visible: -   Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF8567000   Size: 53248   File Visible: -   Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF821A000   Size: 13952   File Visible: -   Signed: -
Status: -

Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF893B000   Size: 10240   File Visible: -   Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF8557000   Size: 36352   File Visible: -   Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF8384000   Size: 153344   File Visible: -   Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF8A31000   Size: 5888   File Visible: -   Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF8667000   Size: 61440   File Visible: -   Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF092000   Size: 98304   File Visible: No   Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8ACF000   Size: 8192   File Visible: No   Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xEF299000   Size: 12288   File Visible: -   Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C4000   Size: 73728   File Visible: -   Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF8C17000   Size: 4096   File Visible: -   Signed: -
Status: -

Name: EABFiltr.sys
Image Path: C:\WINDOWS\system32\drivers\EABFiltr.sys
Address: 0xF8A6B000   Size: 7936   File Visible: -   Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xEF0D2000   Size: 143744   File Visible: -   Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF8737000   Size: 44544   File Visible: -   Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF834C000   Size: 129792   File Visible: -   Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF8A63000   Size: 7936   File Visible: -   Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF83AA000   Size: 125056   File Visible: -   Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF8A1F000   Size: 9984   File Visible: -   Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806D0000   Size: 131840   File Visible: -   Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xF759D000   Size: 718464   File Visible: -   Signed: -
Status: -

Name: HSF_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Address: 0xF764D000   Size: 1035008   File Visible: -   Signed: -
Status: -

Name: HSFHWATI.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
Address: 0xF774A000   Size: 231424   File Visible: -   Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xECB1C000   Size: 265728   File Visible: -   Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF8627000   Size: 52480   File Visible: -   Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF85F7000   Size: 42112   File Visible: -   Signed: -
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF8A2B000   Size: 5504   File Visible: -   Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xEF1E7000   Size: 152832   File Visible: -   Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xEF38C000   Size: 75264   File Visible: -   Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF8527000   Size: 37248   File Visible: -   Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF88D7000   Size: 24576   File Visible: -   Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF8A27000   Size: 8192   File Visible: -   Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xEC1FD000   Size: 172416   File Visible: -   Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF78E4000   Size: 143360   File Visible: -   Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF8323000   Size: 92928   File Visible: -   Signed: -
Status: -

Name: MCSTRM.SYS
Image Path: C:\WINDOWS\System32\Drivers\MCSTRM.SYS
Address: 0xF8ACB000   Size: 7360   File Visible: -   Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xECD72000   Size: 11840   File Visible: -   Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF8A67000   Size: 4224   File Visible: -   Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF88E7000   Size: 30080   File Visible: -   Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF88DF000   Size: 23040   File Visible: -   Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF8537000   Size: 42368   File Visible: -   Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xECC4D000   Size: 180608   File Visible: -   Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xEF20D000   Size: 455680   File Visible: -   Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF87DF000   Size: 19072   File Visible: -   Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF86A7000   Size: 35072   File Visible: -   Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF81FA000   Size: 15488   File Visible: -   Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF824F000   Size: 105344   File Visible: -   Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF8269000   Size: 182656   File Visible: -   Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF8216000   Size: 10112   File Visible: -   Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xECF9A000   Size: 14592   File Visible: -   Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF7586000   Size: 91520   File Visible: -   Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF86C7000   Size: 40576   File Visible: -   Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF8717000   Size: 34688   File Visible: -   Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xEF2F2000   Size: 162816   File Visible: -   Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xF85B7000   Size: 61824   File Visible: -   Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF87E7000   Size: 30848   File Visible: -   Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF8296000   Size: 574976   File Visible: -   Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000   Size: 2066816   File Visible: -   Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF8BD9000   Size: 2944   File Visible: -   Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF8587000   Size: 61696   File Visible: -   Signed: -
Status: -

Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF8AF0000   Size: 4096   File Visible: -   Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF87AF000   Size: 19712   File Visible: -   Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF83E7000   Size: 68224   File Visible: -   Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF8AEF000   Size: 3328   File Visible: -   Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF87A7000   Size: 28672   File Visible: -   Signed: -
Status: -

Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF83C9000   Size: 120192   File Visible: -   Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000   Size: 2066816   File Visible: -   Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF7783000   Size: 147456   File Visible: -   Signed: -
Status: -

Name: processr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\processr.sys
Address: 0xF85E7000   Size: 35840   File Visible: -   Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF7575000   Size: 69120   File Visible: -   Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF88F7000   Size: 17792   File Visible: -   Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF87B7000   Size: 20000   File Visible: -   Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xF89CF000   Size: 8832   File Visible: -   Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF8677000   Size: 51328   File Visible: -   Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF8687000   Size: 41472   File Visible: -   Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF8697000   Size: 48384   File Visible: -   Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF88FF000   Size: 16512   File Visible: -   Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000   Size: 2066816   File Visible: -   Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xEF2A5000   Size: 175744   File Visible: -   Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF8A69000   Size: 4224   File Visible: -   Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xF74A5000   Size: 196224   File Visible: -   Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF8617000   Size: 57600   File Visible: -   Signed: -
Status: -

Name: rootrepeal2.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal2.sys
Address: 0xF7407000   Size: 49152   File Visible: No   Signed: -
Status: -

Name: Rtnicxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
Address: 0xF77FD000   Size: 78720   File Visible: -   Signed: -
Status: -

Name: sdbus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Address: 0xF7811000   Size: 79232   File Visible: -   Signed: -
Status: -

Name: Serial.sys
Image Path: Serial.sys
Address: 0xF8577000   Size: 64512   File Visible: -   Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF833A000   Size: 73472   File Visible: -   Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xEC9D5000   Size: 353792   File Visible: -   Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF8A59000   Size: 4352   File Visible: -   Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xF78B5000   Size: 190400   File Visible: -   Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xEC375000   Size: 60800   File Visible: -   Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xEF333000   Size: 361600   File Visible: -   Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF88EF000   Size: 20480   File Visible: -   Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF86B7000   Size: 40704   File Visible: -   Signed: -
Status: -

Name: tifm21.sys
Image Path: C:\WINDOWS\system32\drivers\tifm21.sys
Address: 0xF7825000   Size: 162432   File Visible: -   Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF7447000   Size: 384768   File Visible: -   Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF8A57000   Size: 8192   File Visible: -   Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF88CF000   Size: 30208   File Visible: -   Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF86F7000   Size: 59520   File Visible: -   Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xF88C7000   Size: 17152   File Visible: -   Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF7907000   Size: 147456   File Visible: -   Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF87D7000   Size: 20992   File Visible: -   Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xF8A2D000   Size: 5376   File Visible: -   Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF792B000   Size: 81920   File Visible: -   Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF8547000   Size: 52352   File Visible: -   Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF8747000   Size: 34560   File Visible: -   Signed: -
Status: -

Name: wanatw4.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanatw4.sys
Address: 0xF8907000   Size: 20512   File Visible: -   Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF882F000   Size: 20480   File Visible: -   Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEC2E0000   Size: 83072   File Visible: -   Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000   Size: 1851392   File Visible: -   Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000   Size: 1851392   File Visible: -   Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Address: 0xF8A1B000   Size: 8832   File Visible: -   Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF8A29000   Size: 8192   File Visible: -   Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000   Size: 2066816   File Visible: -   Signed: -
Status: -

Corrine

#1
May 26, 2010, 01:04:19 AM
Hi, tcrene. 

Due to forum software restrictions, all of the RootRepeal log didn't post.  See if you can pick up from where it left off and copy/paste the remainder.  Then copy/paste the RSIT logs.  It may take two or more replies to get the full logs posted.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

tcrene

#2
May 26, 2010, 01:04:21 AM
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/05/25 19:53
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP Media Center Edition SP3
==================================================

Processes
-------------------
Path: System
PID: 4   Status: -

Path: C:\WINDOWS\ehome\ehmsas.exe
PID: 148   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 264   Status: -

Path: C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PID: 328   Status: -

Path: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PID: 340   Status: -

Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 376   Status: -

Path: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PID: 392   Status: -

Path: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 424   Status: -

Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 436   Status: -

Path: C:\WINDOWS\ehome\ehrecvr.exe
PID: 472   Status: -

Path: C:\Program Files\Common Files\AOL\1148255825\EE\aolsoftware.exe
PID: 580   Status: -

Path: C:\WINDOWS\ehome\ehSched.exe
PID: 596   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 640   Status: -

Path: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 676   Status: -

Path: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 752   Status: -

Path: C:\WINDOWS\system32\smss.exe
PID: 764   Status: -

Path: C:\WINDOWS\system32\csrss.exe
PID: 840   Status: -

Path: C:\WINDOWS\system32\winlogon.exe
PID: 868   Status: -

Path: C:\WINDOWS\system32\services.exe
PID: 920   Status: -

Path: C:\WINDOWS\system32\lsass.exe
PID: 932   Status: -

Path: C:\Program Files\Common Files\Java\Java Update\jusched.exe
PID: 984   Status: -

Path: C:\Program Files\Ares\Ares.exe
PID: 1036   Status: -

Path: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 1040   Status: -

Path: C:\WINDOWS\system32\ati2evxx.exe
PID: 1088   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1104   Status: -

Path: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 1152   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1180   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1220   Status: -

Path: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PID: 1240   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1280   Status: -

Path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 1292   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1376   Status: -

Path: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 1432   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1456   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1476   Status: -

Path: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PID: 1560   Status: -

Path: C:\WINDOWS\ehome\mcrdsvc.exe
PID: 1584   Status: -

Path: C:\Program Files\QuickTime\QTTask.exe
PID: 1684   Status: -

Path: C:\WINDOWS\system32\spoolsv.exe
PID: 1732   Status: -

Path: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 1840   Status: -

Path: C:\PROGRA~1\AVG\AVG8\avgemc.exe
PID: 1936   Status: -

Path: C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PID: 2028   Status: -

Path: C:\PROGRA~1\HPQ\shared\HPQTOA~1.EXE
PID: 2064   Status: -

Path: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PID: 2120   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 2148   Status: -

Path: C:\Program Files\iTunes\iTunesHelper.exe
PID: 2208   Status: -

Path: C:\WINDOWS\system32\dllhost.exe
PID: 2284   Status: -

Path: C:\WINDOWS\system32\alg.exe
PID: 2324   Status: -

Path: C:\PROGRA~1\AVG\AVG8\avgtray.exe
PID: 2440   Status: -

Path: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PID: 2756   Status: -

Path: C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
PID: 2760   Status: -

Path: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PID: 2796   Status: -

Path: C:\WINDOWS\system32\ati2evxx.exe
PID: 2860   Status: -

Path: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 3064   Status: -

Path: C:\WINDOWS\explorer.exe
PID: 3100   Status: -

Path: C:\WINDOWS\system32\wuauclt.exe
PID: 3248   Status: -

Path: C:\Program Files\Messenger\msmsgs.exe
PID: 3356   Status: -

Path: C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PID: 3368   Status: -

Path: C:\WINDOWS\system32\ctfmon.exe
PID: 3440   Status: -

Path: C:\Program Files\iPod\bin\iPodService.exe
PID: 3540   Status: -

Path: C:\WINDOWS\ehome\ehtray.exe
PID: 3636   Status: -

Path: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 3680   Status: -

Path: C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PID: 3688   Status: -

Path: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PID: 3712   Status: -

Path: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 3720   Status: -

Path: C:\Documents and Settings\owner\My Documents\Downloads\RootRepeal(2).exe
PID: 3800   Status: -

Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 3896   Status: -

Path: C:\Program Files\HP\QuickPlay\QPService.exe
PID: 3908   Status: -

Path: C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PID: 3924   Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 4020   Status: -

Path: C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
PID: 4052   Status: -

tcrene

#3
May 26, 2010, 01:08:51 AM
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/05/25 19:53
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP Media Center Edition SP3
==================================================

SSDT
-------------------
#: 000   Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001   Function Name: NtAccessCheck
Status: Not hooked

#: 002   Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003   Function Name: NtAccessCheckByType
Status: Not hooked

#: 004   Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005   Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006   Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007   Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008   Function Name: NtAddAtom
Status: Not hooked

#: 009   Function Name: NtAddBootEntry
Status: Not hooked

#: 010   Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 011   Function Name: NtAdjustPrivilegesToken
Status: Not hooked

#: 012   Function Name: NtAlertResumeThread
Status: Not hooked

#: 013   Function Name: NtAlertThread
Status: Not hooked

#: 014   Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 015   Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 016   Function Name: NtAllocateUuids
Status: Not hooked

#: 017   Function Name: NtAllocateVirtualMemory
Status: Not hooked

#: 018   Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 019   Function Name: NtAssignProcessToJobObject
Status: Not hooked

#: 020   Function Name: NtCallbackReturn
Status: Not hooked

#: 021   Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked

#: 022   Function Name: NtCancelIoFile
Status: Not hooked

#: 023   Function Name: NtCancelTimer
Status: Not hooked

#: 024   Function Name: NtClearEvent
Status: Not hooked

#: 025   Function Name: NtClose
Status: Not hooked

#: 026   Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 027   Function Name: NtCompactKeys
Status: Not hooked

#: 028   Function Name: NtCompareTokens
Status: Not hooked

#: 029   Function Name: NtCompleteConnectPort
Status: Not hooked

#: 030   Function Name: NtCompressKey
Status: Not hooked

#: 031   Function Name: NtConnectPort
Status: Not hooked

#: 032   Function Name: NtContinue
Status: Not hooked

#: 033   Function Name: NtCreateDebugObject
Status: Not hooked

#: 034   Function Name: NtCreateDirectoryObject
Status: Not hooked

#: 035   Function Name: NtCreateEvent
Status: Not hooked

#: 036   Function Name: NtCreateEventPair
Status: Not hooked

#: 037   Function Name: NtCreateFile
Status: Not hooked

#: 038   Function Name: NtCreateIoCompletion
Status: Not hooked

#: 039   Function Name: NtCreateJobObject
Status: Not hooked

#: 040   Function Name: NtCreateJobSet
Status: Not hooked

#: 041   Function Name: NtCreateKey
Status: Not hooked

#: 042   Function Name: NtCreateMailslotFile
Status: Not hooked

#: 043   Function Name: NtCreateMutant
Status: Not hooked

#: 044   Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 045   Function Name: NtCreatePagingFile
Status: Not hooked

#: 046   Function Name: NtCreatePort
Status: Not hooked

#: 047   Function Name: NtCreateProcess
Status: Not hooked

#: 048   Function Name: NtCreateProcessEx
Status: Not hooked

#: 049   Function Name: NtCreateProfile
Status: Not hooked

#: 050   Function Name: NtCreateSection
Status: Not hooked

#: 051   Function Name: NtCreateSemaphore
Status: Not hooked

#: 052   Function Name: NtCreateSymbolicLinkObject
Status: Not hooked

#: 053   Function Name: NtCreateThread
Status: Not hooked

#: 054   Function Name: NtCreateTimer
Status: Not hooked

#: 055   Function Name: NtCreateToken
Status: Not hooked

#: 056   Function Name: NtCreateWaitablePort
Status: Not hooked

#: 057   Function Name: NtDebugActiveProcess
Status: Not hooked

#: 058   Function Name: NtDebugContinue
Status: Not hooked

#: 059   Function Name: NtDelayExecution
Status: Not hooked

#: 060   Function Name: NtDeleteAtom
Status: Not hooked

#: 061   Function Name: NtDeleteBootEntry
Status: Not hooked

#: 062   Function Name: NtDeleteFile
Status: Not hooked

#: 063   Function Name: NtDeleteKey
Status: Not hooked

#: 064   Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 065   Function Name: NtDeleteValueKey
Status: Not hooked

#: 066   Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 067   Function Name: NtDisplayString
Status: Not hooked

#: 068   Function Name: NtDuplicateObject
Status: Not hooked

#: 069   Function Name: NtDuplicateToken
Status: Not hooked

#: 070   Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 071   Function Name: NtEnumerateKey
Status: Not hooked

#: 072   Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 073   Function Name: NtEnumerateValueKey
Status: Not hooked

#: 074   Function Name: NtExtendSection
Status: Not hooked

#: 075   Function Name: NtFilterToken
Status: Not hooked

#: 076   Function Name: NtFindAtom
Status: Not hooked

#: 077   Function Name: NtFlushBuffersFile
Status: Not hooked

#: 078   Function Name: NtFlushInstructionCache
Status: Not hooked

#: 079   Function Name: NtFlushKey
Status: Not hooked

#: 080   Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 081   Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 082   Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 083   Function Name: NtFreeVirtualMemory
Status: Not hooked

#: 084   Function Name: NtFsControlFile
Status: Not hooked

#: 085   Function Name: NtGetContextThread
Status: Not hooked

#: 086   Function Name: NtGetDevicePowerState
Status: Not hooked

#: 087   Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 088   Function Name: NtGetWriteWatch
Status: Not hooked

#: 089   Function Name: NtImpersonateAnonymousToken
Status: Not hooked

#: 090   Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 091   Function Name: NtImpersonateThread
Status: Not hooked

#: 092   Function Name: NtInitializeRegistry
Status: Not hooked

#: 093   Function Name: NtInitiatePowerAction
Status: Not hooked

#: 094   Function Name: NtIsProcessInJob
Status: Not hooked

#: 095   Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 096   Function Name: NtListenPort
Status: Not hooked

#: 097   Function Name: NtLoadDriver
Status: Not hooked

#: 098   Function Name: NtLoadKey
Status: Not hooked

#: 099   Function Name: NtLoadKey2
Status: Not hooked

#: 100   Function Name: NtLockFile
Status: Not hooked

#: 101   Function Name: NtLockProductActivationKeys
Status: Not hooked

#: 102   Function Name: NtLockRegistryKey
Status: Not hooked

#: 103   Function Name: NtLockVirtualMemory
Status: Not hooked

#: 104   Function Name: NtMakePermanentObject
Status: Not hooked

#: 105   Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 106   Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 107   Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 108   Function Name: NtMapViewOfSection
Status: Not hooked

#: 109   Function Name: NtModifyBootEntry
Status: Not hooked

#: 110   Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 111   Function Name: NtNotifyChangeKey
Status: Not hooked

#: 112   Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 113   Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 114   Function Name: NtOpenEvent
Status: Not hooked

#: 115   Function Name: NtOpenEventPair
Status: Not hooked

#: 116   Function Name: NtOpenFile
Status: Not hooked

#: 117   Function Name: NtOpenIoCompletion
Status: Not hooked

#: 118   Function Name: NtOpenJobObject
Status: Not hooked

#: 119   Function Name: NtOpenKey
Status: Not hooked

#: 120   Function Name: NtOpenMutant
Status: Not hooked

#: 121   Function Name: NtOpenObjectAuditAlarm
Status: Not hooked

#: 122   Function Name: NtOpenProcess
Status: Not hooked

#: 123   Function Name: NtOpenProcessToken
Status: Not hooked

#: 124   Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 125   Function Name: NtOpenSection
Status: Not hooked

#: 126   Function Name: NtOpenSemaphore
Status: Not hooked

#: 127   Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 128   Function Name: NtOpenThread
Status: Not hooked

#: 129   Function Name: NtOpenThreadToken
Status: Not hooked

#: 130   Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 131   Function Name: NtOpenTimer
Status: Not hooked

#: 132   Function Name: NtPlugPlayControl
Status: Not hooked

#: 133   Function Name: NtPowerInformation
Status: Not hooked

#: 134   Function Name: NtPrivilegeCheck
Status: Not hooked

#: 135   Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 136   Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 137   Function Name: NtProtectVirtualMemory
Status: Not hooked

#: 138   Function Name: NtPulseEvent
Status: Not hooked

#: 139   Function Name: NtQueryAttributesFile
Status: Not hooked

#: 140   Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 141   Function Name: NtQueryBootOptions
Status: Not hooked

#: 142   Function Name: NtQueryDebugFilterState
Status: Not hooked

#: 143   Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 144   Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 145   Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 146   Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 147   Function Name: NtQueryEaFile
Status: Not hooked

#: 148   Function Name: NtQueryEvent
Status: Not hooked

#: 149   Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 150   Function Name: NtQueryInformationAtom
Status: Not hooked

#: 151   Function Name: NtQueryInformationFile
Status: Not hooked

#: 152   Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 153   Function Name: NtQueryInformationPort
Status: Not hooked

#: 154   Function Name: NtQueryInformationProcess
Status: Not hooked

#: 155   Function Name: NtQueryInformationThread
Status: Not hooked

#: 156   Function Name: NtQueryInformationToken
Status: Not hooked

#: 157   Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 158   Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 159   Function Name: NtQueryIoCompletion
Status: Not hooked

#: 160   Function Name: NtQueryKey
Status: Not hooked

#: 161   Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 162   Function Name: NtQueryMutant
Status: Not hooked

#: 163   Function Name: NtQueryObject
Status: Not hooked

#: 164   Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 165   Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 166   Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 167   Function Name: NtQuerySection
Status: Not hooked

#: 168   Function Name: NtQuerySecurityObject
Status: Not hooked

#: 169   Function Name: NtQuerySemaphore
Status: Not hooked

#: 170   Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 171   Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 172   Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 173   Function Name: NtQuerySystemInformation
Status: Not hooked

#: 174   Function Name: NtQuerySystemTime
Status: Not hooked

#: 175   Function Name: NtQueryTimer
Status: Not hooked

#: 176   Function Name: NtQueryTimerResolution
Status: Not hooked

#: 177   Function Name: NtQueryValueKey
Status: Not hooked

#: 178   Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 179   Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 180   Function Name: NtQueueApcThread
Status: Not hooked

#: 181   Function Name: NtRaiseException
Status: Not hooked

#: 182   Function Name: NtRaiseHardError
Status: Not hooked

#: 183   Function Name: NtReadFile
Status: Not hooked

#: 184   Function Name: NtReadFileScatter
Status: Not hooked

#: 185   Function Name: NtReadRequestData
Status: Not hooked

#: 186   Function Name: NtReadVirtualMemory
Status: Not hooked

#: 187   Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 188   Function Name: NtReleaseMutant
Status: Not hooked

#: 189   Function Name: NtReleaseSemaphore
Status: Not hooked

#: 190   Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 191   Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 192   Function Name: NtRenameKey
Status: Not hooked

#: 193   Function Name: NtReplaceKey
Status: Not hooked

#: 194   Function Name: NtReplyPort
Status: Not hooked

#: 195   Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 196   Function Name: NtReplyWaitReceivePortEx
Status: Not hooked

#: 197   Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 198   Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 199   Function Name: NtRequestPort
Status: Not hooked

#: 200   Function Name: NtRequestWaitReplyPort
Status: Not hooked

#: 201   Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 202   Function Name: NtResetEvent
Status: Not hooked

#: 203   Function Name: NtResetWriteWatch
Status: Not hooked

#: 204   Function Name: NtRestoreKey
Status: Not hooked

#: 205   Function Name: NtResumeProcess
Status: Not hooked

#: 206   Function Name: NtResumeThread
Status: Not hooked

#: 207   Function Name: NtSaveKey
Status: Not hooked

#: 208   Function Name: NtSaveKeyEx
Status: Not hooked

#: 209   Function Name: NtSaveMergedKeys
Status: Not hooked

#: 210   Function Name: NtSecureConnectPort
Status: Not hooked

#: 211   Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 212   Function Name: NtSetBootOptions
Status: Not hooked

#: 213   Function Name: NtSetContextThread
Status: Not hooked

#: 214   Function Name: NtSetDebugFilterState
Status: Not hooked

#: 215   Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 216   Function Name: NtSetDefaultLocale
Status: Not hooked

#: 217   Function Name: NtSetDefaultUILanguage
Status: Not hooked

#: 218   Function Name: NtSetEaFile
Status: Not hooked

#: 219   Function Name: NtSetEvent
Status: Not hooked

#: 220   Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 221   Function Name: NtSetHighEventPair
Status: Not hooked

#: 222   Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 223   Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 224   Function Name: NtSetInformationFile
Status: Not hooked

#: 225   Function Name: NtSetInformationJobObject
Status: Not hooked

#: 226   Function Name: NtSetInformationKey
Status: Not hooked

#: 227   Function Name: NtSetInformationObject
Status: Not hooked

#: 228   Function Name: NtSetInformationProcess
Status: Not hooked

#: 229   Function Name: NtSetInformationThread
Status: Not hooked

#: 230   Function Name: NtSetInformationToken
Status: Not hooked

#: 231   Function Name: NtSetIntervalProfile
Status: Not hooked

#: 232   Function Name: NtSetIoCompletion
Status: Not hooked

#: 233   Function Name: NtSetLdtEntries
Status: Not hooked

#: 234   Function Name: NtSetLowEventPair
Status: Not hooked

#: 235   Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 236   Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 237   Function Name: NtSetSecurityObject
Status: Not hooked

#: 238   Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 239   Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 240   Function Name: NtSetSystemInformation
Status: Not hooked

#: 241   Function Name: NtSetSystemPowerState
Status: Not hooked

#: 242   Function Name: NtSetSystemTime
Status: Not hooked

#: 243   Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 244   Function Name: NtSetTimer
Status: Not hooked

#: 245   Function Name: NtSetTimerResolution
Status: Not hooked

#: 246   Function Name: NtSetUuidSeed
Status: Not hooked

#: 247   Function Name: NtSetValueKey
Status: Not hooked

#: 248   Function Name: NtSetVolumeInformationFile
Status: Not hooked

#: 249   Function Name: NtShutdownSystem
Status: Not hooked

#: 250   Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 251   Function Name: NtStartProfile
Status: Not hooked

#: 252   Function Name: NtStopProfile
Status: Not hooked

#: 253   Function Name: NtSuspendProcess
Status: Not hooked

#: 254   Function Name: NtSuspendThread
Status: Not hooked

#: 255   Function Name: NtSystemDebugControl
Status: Not hooked

#: 256   Function Name: NtTerminateJobObject
Status: Not hooked

#: 257   Function Name: NtTerminateProcess
Status: Not hooked

#: 258   Function Name: NtTerminateThread
Status: Not hooked

#: 259   Function Name: NtTestAlert
Status: Not hooked

#: 260   Function Name: NtTraceEvent
Status: Not hooked

#: 261   Function Name: NtTranslateFilePath
Status: Not hooked

#: 262   Function Name: NtUnloadDriver
Status: Not hooked

#: 263   Function Name: NtUnloadKey
Status: Not hooked

#: 264   Function Name: NtUnloadKeyEx
Status: Not hooked

#: 265   Function Name: NtUnlockFile
Status: Not hooked

#: 266   Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 267   Function Name: NtUnmapViewOfSection
Status: Not hooked

#: 268   Function Name: NtVdmControl
Status: Not hooked

#: 269   Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 270   Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 271   Function Name: NtWaitForSingleObject
Status: Not hooked

#: 272   Function Name: NtWaitHighEventPair
Status: Not hooked

#: 273   Function Name: NtWaitLowEventPair
Status: Not hooked

#: 274   Function Name: NtWriteFile
Status: Not hooked

#: 275   Function Name: NtWriteFileGather
Status: Not hooked

#: 276   Function Name: NtWriteRequestData
Status: Not hooked

#: 277   Function Name: NtWriteVirtualMemory
Status: Not hooked

#: 278   Function Name: NtYieldExecution
Status: Not hooked

#: 279   Function Name: NtCreateKeyedEvent
Status: Not hooked

#: 280   Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 281   Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 282   Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 283   Function Name: NtQueryPortInformationProcess
Status: Not hooked

tcrene

#4
May 26, 2010, 01:28:16 AM
Logfile of random's system information tool 1.07 (written by random/random)
Run by owner at 2010-05-25 20:21:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (52%) free of 63 GB
Total RAM: 510 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:22:43 PM, on 5/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1148255825\ee\AOLSoftware.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\owner\My Documents\Downloads\RSIT(2).exe
C:\Program Files\trend micro\owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [SprintDSLSetup] E:\installs\BrdJmp\SprintDSLSetup.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148255825\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://c:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O24 - Desktop Component 0: (no name) - http://www.atribune.org/templates/logo4.jpg

--
End of file - 11106 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2005-04-20 472744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-11 344064]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
""= []
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-07 409600]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
"SprintDSLSetup"=E:\installs\BrdJmp\SprintDSLSetup.exe []
"HostManager"=C:\Program Files\Common Files\AOL\1148255825\ee\AOLSoftware.exe [2006-09-25 50736]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2007-04-19 271936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-25 2046816]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"Corel Photo Downloader"=C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe [2007-02-06 478800]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-10 68856]
"ares"=C:\Program Files\Ares\Ares.exe [2008-12-04 3075584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-01 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-07 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1148255825\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1148255825\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Common Files\AOL\1148255825\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148255825\EE\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Documents and Settings\owner\Application Data\U3\000015605B600D35\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe"="C:\Documents and Settings\owner\Application Data\U3\000015605B600D35\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b9ed96f-e94a-11da-8e15-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2010-05-25 20:21:36 ----D---- C:\rsit
2010-05-25 20:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-25 20:01:02 ----D---- C:\WINDOWS\LastGood
2010-05-24 20:49:39 ----D---- C:\WINDOWS\ERDNT
2010-05-24 20:48:40 ----D---- C:\Program Files\ERUNT
2010-05-12 20:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-04-26 20:03:53 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-04-26 20:02:56 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-26 20:02:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-04-26 20:02:54 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-26 20:02:53 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-05-25 20:22:43 ----D---- C:\Program Files\Trend Micro
2010-05-25 20:21:32 ----D---- C:\WINDOWS\Prefetch
2010-05-25 20:01:49 ----HD---- C:\WINDOWS\inf
2010-05-25 20:01:38 ----D---- C:\WINDOWS
2010-05-25 20:01:25 ----D---- C:\WINDOWS\system32
2010-05-25 20:00:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-25 19:50:52 ----D---- C:\WINDOWS\system32\drivers
2010-05-25 19:48:22 ----D---- C:\WINDOWS\system32\config
2010-05-25 19:19:02 ----ASH---- C:\hpqp.ini
2010-05-25 19:18:48 ----A---- C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt
2010-05-25 17:34:28 ----D---- C:\WINDOWS\Temp
2010-05-25 17:28:12 ----A---- C:\XP_TV.ini
2010-05-25 17:26:45 ----D---- C:\WINDOWS\Registration
2010-05-24 21:26:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-24 20:57:58 ----D---- C:\Program Files\Mozilla Firefox
2010-05-24 20:48:40 ----D---- C:\Program Files
2010-05-20 12:44:34 ----HD---- C:\$AVG8.VAULT$
2010-05-12 20:03:11 ----A---- C:\WINDOWS\imsins.BAK
2010-05-12 20:02:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-05-12 20:02:42 ----D---- C:\Program Files\Outlook Express
2010-05-12 00:09:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-10 18:34:52 ----A---- C:\WINDOWS\win.ini
2010-05-10 18:34:47 ----SHD---- C:\WINDOWS\Installer
2010-05-10 18:34:44 ----HD---- C:\Config.Msi
2010-04-30 13:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-26 20:03:49 ----D---- C:\Program Files\Common Files\Java
2010-04-26 20:02:11 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-07 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-07 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-07 108552]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-06-21 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-01 1412608]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-12-17 424320]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-01 393216]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2010-03-07 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-03-08 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-11-28 98304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-26 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-24 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]

-----------------EOF-----------------

tcrene

#5
May 26, 2010, 01:30:54 AM
Logfile of random's system information tool 1.07 (written by random/random)
Run by owner at 2010-05-25 20:21:36
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (52%) free of 63 GB
Total RAM: 510 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:22:43 PM, on 5/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\AOL\1148255825\ee\AOLSoftware.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\owner\My Documents\Downloads\RSIT(2).exe
C:\Program Files\trend micro\owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [SprintDSLSetup] E:\installs\BrdJmp\SprintDSLSetup.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148255825\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://c:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O24 - Desktop Component 0: (no name) - http://www.atribune.org/templates/logo4.jpg

--
End of file - 11106 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2005-04-20 472744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-11 344064]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
""= []
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-07 409600]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2006-10-23 71216]
"SprintDSLSetup"=E:\installs\BrdJmp\SprintDSLSetup.exe []
"HostManager"=C:\Program Files\Common Files\AOL\1148255825\ee\AOLSoftware.exe [2006-09-25 50736]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2007-04-19 271936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-25 2046816]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"Corel Photo Downloader"=C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe [2007-02-06 478800]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-10 68856]
"ares"=C:\Program Files\Ares\Ares.exe [2008-12-04 3075584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Documents and Settings\owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-01 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-07 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1148255825\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1148255825\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Common Files\AOL\1148255825\EE\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1148255825\EE\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Documents and Settings\owner\Application Data\U3\000015605B600D35\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe"="C:\Documents and Settings\owner\Application Data\U3\000015605B600D35\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b9ed96f-e94a-11da-8e15-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2010-05-25 20:21:36 ----D---- C:\rsit
2010-05-25 20:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-25 20:01:02 ----D---- C:\WINDOWS\LastGood
2010-05-24 20:49:39 ----D---- C:\WINDOWS\ERDNT
2010-05-24 20:48:40 ----D---- C:\Program Files\ERUNT
2010-05-12 20:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-04-26 20:03:53 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-04-26 20:02:56 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-26 20:02:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-04-26 20:02:54 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-26 20:02:53 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-05-25 20:22:43 ----D---- C:\Program Files\Trend Micro
2010-05-25 20:21:32 ----D---- C:\WINDOWS\Prefetch
2010-05-25 20:01:49 ----HD---- C:\WINDOWS\inf
2010-05-25 20:01:38 ----D---- C:\WINDOWS
2010-05-25 20:01:25 ----D---- C:\WINDOWS\system32
2010-05-25 20:00:54 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-25 19:50:52 ----D---- C:\WINDOWS\system32\drivers
2010-05-25 19:48:22 ----D---- C:\WINDOWS\system32\config
2010-05-25 19:19:02 ----ASH---- C:\hpqp.ini
2010-05-25 19:18:48 ----A---- C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt
2010-05-25 17:34:28 ----D---- C:\WINDOWS\Temp
2010-05-25 17:28:12 ----A---- C:\XP_TV.ini
2010-05-25 17:26:45 ----D---- C:\WINDOWS\Registration
2010-05-24 21:26:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-24 20:57:58 ----D---- C:\Program Files\Mozilla Firefox
2010-05-24 20:48:40 ----D---- C:\Program Files
2010-05-20 12:44:34 ----HD---- C:\$AVG8.VAULT$
2010-05-12 20:03:11 ----A---- C:\WINDOWS\imsins.BAK
2010-05-12 20:02:44 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-05-12 20:02:42 ----D---- C:\Program Files\Outlook Express
2010-05-12 00:09:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-10 18:34:52 ----A---- C:\WINDOWS\win.ini
2010-05-10 18:34:47 ----SHD---- C:\WINDOWS\Installer
2010-05-10 18:34:44 ----HD---- C:\Config.Msi
2010-04-30 13:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-26 20:03:49 ----D---- C:\Program Files\Common Files\Java
2010-04-26 20:02:11 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-07 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-07 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-07 108552]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2006-06-21 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-01 1412608]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-12-17 424320]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-01 393216]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2010-03-07 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2010-03-08 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-04-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-11-28 98304]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-26 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-24 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe []
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]

-----------------EOF-----------------

Corrine

#6
May 26, 2010, 01:47:15 AM
Hi, TCRene.  Let's start with a scan.  In the meantime, see if an external mouse helps.

Please download ATF Cleaner by Atribune from http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25 .

Save it to your Desktop.

Run ATF Cleaner

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Click Exit on the Main menu to close the program.
  • Shutdown/restart the computer.


Please download Malwarebytes' Anti-Malware to your desktop.  If that link isn't working, please use http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here on Windows XP: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt and C:\Users\UserName\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt on Windows Vista and Windows 7.
  • Please post contents of that file in your next reply and a fresh HijackThis log.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

#7
May 27, 2010, 12:36:25 AM
Per message, problem solved.  External mouse purchased and everything is working fine.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
Print
Go Up Pages1
User actions