Virus Total:
a-squared 4.0.0.101 2009.03.21 -
AhnLab-V3 5.0.0.2 2009.03.21 -
AntiVir 7.9.0.120 2009.03.20 -
Authentium 5.1.2.4 2009.03.21 -
Avast 4.8.1335.0 2009.03.20 -
AVG 8.5.0.283 2009.03.20 -
BitDefender 7.2 2009.03.21 -
CAT-QuickHeal 10.00 2009.03.21 -
ClamAV 0.94.1 2009.03.21 -
Comodo 1078 2009.03.21 -
DrWeb 4.44.0.09170 2009.03.21 -
eSafe 7.0.17.0 2009.03.19 -
eTrust-Vet 31.6.6409 2009.03.20 -
F-Prot 4.4.4.56 2009.03.20 -
F-Secure 8.0.14470.0 2009.03.21 -
Fortinet 3.117.0.0 2009.03.21 -
GData 19 2009.03.21 -
Ikarus T3.1.1.48.0 2009.03.21 -
K7AntiVirus 7.10.677 2009.03.20 -
Kaspersky 7.0.0.125 2009.03.21 -
McAfee 5559 2009.03.20 -
McAfee+Artemis 5559 2009.03.20 -
McAfee-GW-Edition 6.7.6 2009.03.20 -
Microsoft 1.4502 2009.03.21 -
NOD32 3953 2009.03.21 -
Norman 6.00.06 2009.03.20 -
nProtect 2009.1.8.0 2009.03.21 -
Panda 10.0.0.10 2009.03.21 -
PCTools 4.4.2.0 2009.03.21 -
Prevx1 V2 2009.03.21 -
Rising 21.21.52.00 2009.03.21 -
Sophos 4.39.0 2009.03.21 -
Sunbelt 3.2.1858.2 2009.03.20 -
Symantec 1.4.4.12 2009.03.21 -
TheHacker 6.3.3.1.287 2009.03.21 -
TrendMicro 8.700.0.1004 2009.03.20 -
VBA32 3.12.10.1 2009.03.20 -
ViRobot 2009.3.20.1658 2009.03.20 -
VirusBuster 4.6.5.0 2009.03.21 -
Additional information
File size: 988160 bytes
MD5...: 8545f11baa3ea3be2c6998547b2fc1d5
SHA1..: 60c7fb9c0b41fdba228b500c7a77d39b17ea17f1
SHA256: 0e90cf58239bd8f24541a5f23e0c5cf647783c969ad009104833a257a6cb7eeb
SHA512: 647d9382370f596470e6a8a6a461e021491107c6a8c0d0126e2fc387c1f0d9a7df494e4087c86bb93582f638f20012d8905ea059fd525dbe3797007b8b986e26
ssdeep: 6144:lQubbrQDpWZedAD6V0QGGKG1bGzGrk02jcedAD6V0QGGKG1bGzGrk02jcedAD6Va:DbXctAD6PP29AD6PP29AD6PP2
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2bb9
timedatestamp.....: 0x499e054e (Fri Feb 20 01:20:14 2009)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x11537 0x11600 6.69 cab5b1555acbd14be315c37c90674b7a
.rdata 0x13000 0x30c0 0x3200 5.61 d38f22cea5feb69961f2ea86003c8b75
.data 0x17000 0x3268 0x1600 3.10 af5779c381904f897a4fd7c836e4f16f
.rsrc 0x1b000 0xd9746 0xd9800 3.71 d973e30f88206666b472dab48877f72b
.reloc 0xf5000 0x196a 0x1a00 4.13 d684ea55ac30d73895bf3ab6785de882
( 3 imports )
> KERNEL32.dll: ExpandEnvironmentStringsA, SetEndOfFile, GetProcAddress, FreeLibrary, LoadLibraryExA, GetModuleFileNameA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, EnterCriticalSection, LeaveCriticalSection, GetLastError, GetFullPathNameA, GetCurrentProcess, SetUnhandledExceptionFilter, GetModuleHandleA, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameW, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapDestroy, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, IsDebuggerPresent, Sleep, VirtualAlloc, HeapReAlloc, CloseHandle, RtlUnwind, RaiseException, GetDriveTypeA, WideCharToMultiByte, ReadFile, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, SetStdHandle, LoadLibraryA, InitializeCriticalSection, GetConsoleCP, GetConsoleMode, FlushFileBuffers, CreateFileA, HeapSize, GetCurrentDirectoryA, CompareStringA, CompareStringW, SetEnvironmentVariableA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetFileAttributesA
> USER32.dll: MessageBoxA
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegEnumKeyExA, RegOpenKeyExA
( 0 exports )
DDS#1
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 14:02:16.25 on Sat 03/21/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.885 [GMT -5:00]
AV: avast! antivirus 4.8.1335 [VPS 090320-0] *On-access scanning enabled* (Updated)
FW: Avanquest NetDefense Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://qus10.hpwis.com/
uSearch Page = hxxp://srch-qus10.hpwis.com/
uDefault_Page_URL = hxxp://qus10.hpwis.com/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
uSearch Bar = hxxp://srch-qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://qus10.hpwis.com/
uInternet Settings,ProxyOverride = localhost;*.local
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: XPL LinkScannerIE: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avanquest\systemsuite\LinkScannerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5,1,1,0.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LTMSG] LTMSG.exe 7
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [PS2] c:\windows\system32\ps2.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: eset.eu\www
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} - hxxp://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://coke.mycokerewards.com/cabs/Entr ... Silent.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\xqrlt8h4.default\
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xqrlt8h4.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\avanquest\systemsuite\firefox\components\SearchShield.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-4 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-4 138680]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-4 352920]
R3 KFilter;KFilter;c:\progra~1\avanqu~1\system~1\KFilter.sys [2008-8-21 54865]
R3 TFilter;TFilter;c:\progra~1\avanqu~1\system~1\TFilter.sys [2008-8-21 20225]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-4 254040]
=============== Created Last 30 ================
2009-03-18 22:38 339,968 a------- c:\windows\system32\pythoncom25.dll
2009-03-18 22:38 114,688 a------- c:\windows\system32\pywintypes25.dll
2009-03-18 22:37 2,117,632 a------- c:\windows\system32\python25.dll
2009-03-18 22:37 1,332,197 a------- c:\windows\system32\pythondll.zip
2009-03-18 22:36 <DIR> --d----- c:\program files\AGI
2009-03-18 17:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kontiki
2009-03-18 17:18 <DIR> --d----- c:\program files\My Coke Rewards Media Manager
2009-03-18 17:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Entriq
2009-03-18 17:12 <DIR> --d----- c:\program files\Kontiki
2009-03-18 17:12 <DIR> --d----- c:\program files\Entriq
2009-03-15 16:21 <DIR> --d----- c:\program files\Free Audio Pack
2009-03-14 10:40 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-14 10:40 208,744 a------- c:\windows\system32\muweb.dll
2009-03-14 10:40 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-13 15:39 <DIR> --d----- c:\documents and settings\owner\Tracing
2009-03-13 15:31 <DIR> --d----- c:\program files\Microsoft
2009-03-13 15:30 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-11 20:24 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-03-11 03:35 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-03-11 01:23 <DIR> --d----- c:\windows\system32\XPSViewer
2009-03-11 01:21 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-11 01:21 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-11 01:21 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-11 01:21 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-03-11 01:21 117,760 -------- c:\windows\system32\prntvpt.dll
2009-03-11 01:21 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-03-11 01:21 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-03-11 01:21 <DIR> --d----- C:\60e1fcd9013b315696
2009-03-10 00:03 <DIR> --d----- C:\Softendo
2009-03-09 22:41 <DIR> --d----- c:\program files\Trend Micro
2009-03-03 20:12 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-03-02 21:09 <DIR> --d----- c:\program files\Power Tab Software
2009-02-27 18:02 <DIR> --d----- c:\program files\common files\xing shared
2009-02-26 19:52 <DIR> --d----- c:\program files\Zone.com Deluxe Games
2009-02-21 16:57 471 a------- c:\windows\wininit.ini
2009-02-21 15:58 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-21 15:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
==================== Find3M ====================
2009-02-15 18:50 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 15:58 3,888 a------- c:\windows\viassary-hp.reg
2009-02-07 15:31 307,200 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\presario\xphnarp4en\plugin\bin\pchnotify.exe
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 00:32 28,928 a------- c:\windows\hpoins03.dat
2009-02-05 21:30 215,872 a------- c:\windows\system32\drivers\truecrypt.sys
2009-02-05 19:19 28,256 a------- c:\windows\system32\drivers\MxlW2k.sys
2009-02-04 01:09 21,419 a------- c:\windows\system32\drivers\AegisP.sys
2009-02-04 00:33 3,708 a--shr-- c:\windows\system32\drivers\HP_P8656U-ABA S6000V NA410_YC_Pres_QMXP414_E41NAheRED4_4_IGamila Giovani Neon series_SMICRO-STAR INTERNATIONAL CO., LTD_V030_B3.06_T031231_WXH1_L409_M1272_J120_7Intel_8Pentium 4_92.5_1_N10EC8139_P_Z11C1044C_K_A808624C5.MRK
2009-01-22 15:28 290,816 a------- c:\windows\system32\decdll.dll
============= FINISH: 14:02:57.53 ===============
DDS#2
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-03-16.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/3/2009 11:31:50 PM
System Uptime: 3/21/2009 1:37:47 PM (1 hours ago)
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel(R) Pentium(R) 4 CPU 2.50GHz | Socket 478 | 2500/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 105 GiB total, 66.909 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 2.386 GiB free.
E: is CDROM ()
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID:
Description: USB Device
Device ID: USB\VID_046D&PID_0920\5&126700AE&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_046D&PID_0920\5&126700AE&0&2
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_577C1462&REV_10\4&1A671D0C&0&60F0
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_577C1462&REV_10\4&1A671D0C&0&60F0
Service: rtl8139
==== System Restore Points ===================
RP13: 2/7/2009 11:46:27 PM - System Checkpoint
RP14: 2/8/2009 12:36:28 PM - Software Distribution Service 3.0
RP15: 2/8/2009 1:25:58 PM - Installed Java(TM) 6 Update 7
RP16: 2/8/2009 1:27:35 PM - Installed OpenOffice.org 3.0
RP17: 2/8/2009 4:18:08 PM - Software Distribution Service 3.0
RP18: 2/9/2009 11:24:48 AM - Installed Windows Live Messenger
RP19: 2/9/2009 11:25:21 AM - Installed Windows Live Sign-in Assistant
RP20: 2/9/2009 11:57:59 AM - Installed iTunes
RP21: 2/9/2009 9:10:50 PM - Software Distribution Service 3.0
RP22: 2/9/2009 9:34:12 PM - Software Distribution Service 3.0
RP23: 2/10/2009 4:33:07 PM - Installed Java(TM) 6 Update 11
RP24: 2/10/2009 11:00:20 PM - Software Distribution Service 3.0
RP25: 2/11/2009 9:44:22 PM - Software Distribution Service 3.0
RP26: 2/11/2009 10:37:10 PM - Software Distribution Service 3.0
RP27: 2/12/2009 11:30:22 PM - Software Distribution Service 3.0
RP28: 2/14/2009 5:18:04 PM - System Checkpoint
RP29: 2/15/2009 5:20:00 PM - System Checkpoint
RP30: 2/15/2009 5:49:40 PM - Removed Java(TM) 6 Update 11
RP31: 2/15/2009 5:50:17 PM - Installed Java(TM) 6 Update 12
RP32: 2/15/2009 10:11:38 PM - Installed Project64 1.6
RP33: 2/17/2009 3:09:56 PM - System Checkpoint
RP34: 2/18/2009 3:11:35 PM - System Checkpoint
RP35: 2/19/2009 5:39:42 PM - System Checkpoint
RP36: 2/20/2009 10:54:22 PM - System Checkpoint
RP37: 2/21/2009 2:30:31 PM - Registry
RP38: 2/22/2009 2:39:47 PM - System Checkpoint
RP39: 2/23/2009 6:28:15 PM - System Checkpoint
RP40: 2/24/2009 6:19:22 PM - Installed Windows Media Player 11
RP41: 2/24/2009 11:32:03 PM - Software Distribution Service 3.0
RP42: 2/26/2009 5:27:02 PM - System Checkpoint
RP43: 2/27/2009 7:07:34 PM - System Checkpoint
RP44: 2/28/2009 7:39:57 PM - System Checkpoint
RP45: 3/1/2009 8:20:07 PM - System Checkpoint
RP46: 3/2/2009 8:09:36 PM - Installed Power Tab Editor 1.7
RP47: 3/4/2009 7:48:48 PM - System Checkpoint
RP48: 3/5/2009 8:53:50 PM - Restore Operation
RP49: 3/9/2009 2:01:55 PM - System Checkpoint
RP50: 3/10/2009 6:06:06 PM - System Checkpoint
RP51: 3/10/2009 9:13:13 PM - Software Distribution Service 3.0
RP52: 3/10/2009 11:44:03 PM - Software Distribution Service 3.0
RP53: 3/11/2009 3:00:16 AM - Software Distribution Service 3.0
RP54: 3/11/2009 7:08:54 PM - Installed Windows Media Player 11
RP55: 3/11/2009 7:20:51 PM - Software Distribution Service 3.0
RP56: 3/11/2009 8:05:20 PM - Installed Windows Media Player 11
RP57: 3/11/2009 8:06:45 PM - Installed Windows XP MSCompPackV1.
RP58: 3/11/2009 11:41:13 PM - Software Distribution Service 3.0
RP59: 3/13/2009 9:49:03 AM - Software Distribution Service 3.0
RP60: 3/13/2009 10:15:55 AM - System.exe
RP61: 3/13/2009 2:55:32 PM - Removed Microsoft Office Standard Edition 2003
RP62: 3/13/2009 2:58:09 PM - Removed Microsoft Money 2004
RP63: 3/13/2009 2:59:39 PM - Removed Microsoft Money 2004 System Pack
RP64: 3/13/2009 3:00:28 PM - Configured Quicken 2004
RP65: 3/13/2009 3:02:46 PM - Removed Java(TM) 6 Update 7
RP66: 3/13/2009 3:04:27 PM - Removed Apple Mobile Device Support
RP67: 3/13/2009 3:07:00 PM - Removed Photoshop Album Starter Edition
RP68: 3/13/2009 3:07:41 PM - Configured easy Internet sign-up
RP69: 3/14/2009 5:42:03 PM - Software Distribution Service 3.0
RP70: 3/14/2009 4:57:41 PM - System Checkpoint
RP71: 3/17/2009 9:12:24 AM - System Checkpoint
==== Installed Programs ======================
1000Tour
1200
1200_Help
1200Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album Starter Edition
Adobe Reader 6.0
AiO_Scan
AIOMinimal
AiOSoftware
Apple Software Update
Audacity 1.2.6
avast! Antivirus
Blasterball 2 from Compaq (remove only)
Bonjour
Bounce Symphony from Compaq (remove only)
Choice Guard
Compaq Connections
Compaq Instant Support
Compaq Organize
Copy
CreativeProjects
Critical Update for Windows Media Player 11 (KB959772)
Cubis Deluxe
Director
DocProc
Entriq MediaSphere 3.6.0.15
ESET Online Scanner
Excavation from Compaq (remove only)
Fax
Five Card Frenzy from Compaq (remove only)
FoxyTunes for Firefox
Free Mp3 Wma Converter V 1.8.0
Free Video Converter V 1.5
Guitar Pro 5.2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 12
Junk Mail filter update
KBD
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (3.0.7)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MUSICMATCH® Jukebox
My Coke Rewards Media Manager 1.0.0.9
NVIDIA GART Driver
OpenOffice.org 3.0
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
Overball from Compaq (remove only)
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Compaq (remove only)
Power Tab Editor 1.7
PrintScreen
Project64 1.6
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
RecordNow!
Scan
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Segoe UI
SkinsHP1
SkinsHP2
Slyder from Compaq (remove only)
Songbird 1.0.0 (20081124)
Sonic Update Manager
Spybot - Search & Destroy
SystemSuite 8 Professional
TrayApp
TRENDnet TEW-421PC or TEW-423PI
TrueCrypt
Unload
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Watchtower Library 2007 - English
Watchtower Library 2008 - English
WebFldrs XP
WebReg
WildTangent GameChannel (remove only)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Zone Deluxe Games
==== Event Viewer Messages From Past Week ========
3/14/2009 12:33:05 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/14/2009 9:39:00 AM, error: Service Control Manager [7000] - The nVidia WDM A/V Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/14/2009 9:39:00 AM, error: Service Control Manager [7000] - The nVidia WDM Video Capture (universal) service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/14/2009 7:55:29 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer TOSHIE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{84B6E6E1-4DC6-4616-BA. The master browser is stopping or an election is being forced.
3/16/2009 10:20:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
==== End Of File ===========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:08 PM, on 3/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.eset.eu
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {C56BF45D-4722-4EFD-AA14-9DB1E92661E3} (CocaCola Class) - http://coke.mycokerewards.com/cabs/CocaCola_1_0_0_9.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://coke.mycokerewards.com/cabs/Entr ... Silent.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SystemSuite Task Manager - Avanquest North America, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
--
End of file - 6849 bytes
Also please note that my dad also has his own laptop running Vista that connects to the same network. Is it necessary to post a HijackThis log of his comp also?