
Solved Your computer is infected with a virus! (?)

Discussion in 'Malware and Virus Removal Archive' started by mailman, 2010/08/03.

  1. 2010/08/03
    mailman (Thread Starter)
    [Resolved] Your computer is infected with a virus! (?)

    My friend called me today about a pop-up window she saw on her computer screen that caused her some alarm.

    The wording in the thread title is the best she can recall. (She did not write down the wording.)

    ========

    She stated Windows had shut down on its own (which is apparently unusual for her). Perhaps this was due to a Microsoft automatic critical update. There are currently updates waiting to be installed but I will wait until we deem the computer clean.

    She Googled christian manifesto and, shortly afterwards, things went awry.

    Here are the contents of her Firefox browser history for today (with http changed to hxxp to prevent others from accidental clicks).

    christian manifesto - Google Search
    hxxp://www.google.com/#hl=en&source=hp&q=christian+manifesto&aq=f&aqi=g3g-m7&aql=&oq=&gs_rfai=CH5bY9I1YTJLXJIGwNJjxheIGAAAAqgQFT9DSe5k&pbx=1&fp=8631cdd35a4d476d

    christian manifesto summary - Google Search
    hxxp://www.google.com/#hl=en&source=hp&q=christian+manifesto+summary&aq=1&aqi=g3g-m7&aql=&oq=christian+manifesto&gs_rfai=CYo3Bp3NYTIyKAouWMNfWvdoGAAAAqgQFT9AfPmY&pbx=1&fp=8631cdd35a4d476d

    christianmanifesto.com - christian manifesto Resources and Information. This website is for sale!
    hxxp://www.christianmanifesto.com/

    christianmanifesto.com - hot photos Resources and Information. This website is for sale!
    hxxp://www.christianmanifesto.com/info/Hot-photos.html?ses=Y3JlPTEyODA4NjQzNTImdGNpZD13d3cuY2hyaXN0aWFubWFuaWZlc3RvLmNvbTRjNTg3MDVmZWZhZGE0LjU3MjcyNDk0JmZraT01NTEzMDUzNCZ0YXNrPXNlYXJjaCZkb21haW49Y2hyaXN0aWFubWFuaWZlc3RvLmNvbSZzPWExYmJiZDQ0ZGVmNTY1ZmY1ZTAwJmxhbmd1YWdlPWVuJnBndD1Cak9PU0RmVUl6SUtFd2ptME9MRmg1NmpBaFdQV3Q0S0hkOEdOeW9ZQUNBQU1PM3lzUkU0RFZEdDhyRVJVUG1ncnlsUWtPSFF4QUkmYWdzPVJjOGxmQlJIWS1vS0V3am0wT0xGaDU2akFoV1BXdDRLSGQ4R055b1lBeUFBTU8zeXNSRTREVkR0OHJFUlVQbWdyeWxRa09IUXhBSSZhX2lkPTIma2V5d29yZD1Ib3QrcGhvdG9zJnBvcz0xMyZrd3M9NyZrd3NpPTg=&token=BjOOSDfUIzIKEwjm0OLFh56jAhWPWt4KHd8GNyoYACAAMO3ysRE4DVDt8rERUPmgrylQkOHQxAI

    Google
    hxxp://www.google.com/

    index.php
    hxxp://77.78.239.194/index.php?q=LROBX9KGAYS41I3625G2EC2551N786S0S6G0D9O5ZHKCBNB61SE796HQ97X6PR746F917MZ203V9HIBArPEUqIScGOlBNOlJpW1E7QhoqVklFXhFeXEoyVwxfI0wwUCJQJjR4P3AyckoAL3RLCEp5YwEHYABkawIBQiNKRQ%253D%253D

    index.php
    hxxp://91.213.157.178/index.php?q=g5so

    index.php
    hxxp://91.213.157.178/index.php?q=stl5

    McAfee - Computer Anti-Virus Software and Internet Security For Your PC
    hxxp://us.mcafee.com/root/runliteapp.asp?auto=1&cver=1.0.150.0&lang=en-us&eula=1&affid=739&rurl=hxxp%3A%2F%2Fliteapps%2Emcafee%2Ecom%2Fapps%2Fmss%2F1%2E0%2Fupdate%2F

    SecurityScan_Release_small.exe
    hxxp://download.mcafee.com/molbin/iss-loc/mss/739/2.0.181.2/SecurityScan_Release_small.exe

    The domain is available for purchase - Sedo.co.uk
    hxxp://www.sedo.com/search/details.php4?domain=christianmanifesto.com&language=e&et_sub=22&partnerid=14456&et_cid=15&et_lid=14274

    Wait a minute! This is important - we check your system
    hxxp://91.213.157.178/index.php?q=GDW86Y778E2GZZLFVY4S35241CEHQ057RDNF4819073KIB83M5H85O19OMSYJY8R73A7YFWHLSdERgZeU0Q1XRgzPjAnMQZdN09eV01NNywlNExJAGdqf3QaAQAXCQBPejVzRAIxBilaAitQWy4oMD96bwg2UVJyAT8gNHF8YQsHPw5TAXxOdmhifH5gbAZlBUFXR0U%253D

    wltkl.php
    hxxp://adultdatingchat.com.au/mgkau/wltkl.php?hk=642526

    ================

    My friend stated the index.php windows gave her the options to save as a file or cancel. She said she could not cancel. (Window kept popping back up?)

    I did not perform any anti-malware scans yet. I will follow your directions to the letter.

    I will post my friend's DDS logs in my next post and wait for your instructions. :)
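
    The history above is the kind of list a responder gets handed during triage. As an added example (not part of the original post, and not the output of DDS or any tool mentioned in this thread), the script below parses the post's own "title / hxxp URL" layout, re-fangs the URLs, and flags the indicators a practitioner would look at first: a bare IP literal as the host (the 77.78.239.194 and 91.213.157.178 hops), parked-domain and scareware wording in the page title, and long query values that are base64, decoding them when the result is readable text and marking them opaque otherwise. The sample input is a subset of the entries quoted above, embedded inline; the flag names, regexes and 32-character threshold are my own heuristics, not anything the thread defines.

```python
import base64
import binascii
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample input: a subset of the Firefox history entries quoted in the post,
# in the post's own "title / defanged URL / blank line" layout. Not a live export.
SAMPLE_HISTORY = """\
christianmanifesto.com - christian manifesto Resources and Information. This website is for sale!
hxxp://www.christianmanifesto.com/

christianmanifesto.com - hot photos Resources and Information. This website is for sale!
hxxp://www.christianmanifesto.com/info/Hot-photos.html?ses=Y3JlPTEyODA4NjQzNTImdGNpZD13d3cuY2hyaXN0aWFubWFuaWZlc3RvLmNvbTRjNTg3MDVmZWZhZGE0LjU3MjcyNDk0JmZraT01NTEzMDUzNCZ0YXNrPXNlYXJjaCZkb21haW49Y2hyaXN0aWFubWFuaWZlc3RvLmNvbSZzPWExYmJiZDQ0ZGVmNTY1ZmY1ZTAwJmxhbmd1YWdlPWVuJnBndD1Cak9PU0RmVUl6SUtFd2ptME9MRmg1NmpBaFdQV3Q0S0hkOEdOeW9ZQUNBQU1PM3lzUkU0RFZEdDhyRVJVUG1ncnlsUWtPSFF4QUkmYWdzPVJjOGxmQlJIWS1vS0V3am0wT0xGaDU2akFoV1BXdDRLSGQ4R055b1lBeUFBTU8zeXNSRTREVkR0OHJFUlVQbWdyeWxRa09IUXhBSSZhX2lkPTIma2V5d29yZD1Ib3QrcGhvdG9zJnBvcz0xMyZrd3M9NyZrd3NpPTg=&token=BjOOSDfUIzIKEwjm0OLFh56jAhWPWt4KHd8GNyoYACAAMO3ysRE4DVDt8rERUPmgrylQkOHQxAI

index.php
hxxp://77.78.239.194/index.php?q=LROBX9KGAYS41I3625G2EC2551N786S0S6G0D9O5ZHKCBNB61SE796HQ97X6PR746F917MZ203V9HIBArPEUqIScGOlBNOlJpW1E7QhoqVklFXhFeXEoyVwxfI0wwUCJQJjR4P3AyckoAL3RLCEp5YwEHYABkawIBQiNKRQ%253D%253D

index.php
hxxp://91.213.157.178/index.php?q=g5so

Wait a minute! This is important - we check your system
hxxp://91.213.157.178/index.php?q=GDW86Y778E2GZZLFVY4S35241CEHQ057RDNF4819073KIB83M5H85O19OMSYJY8R73A7YFWHLSdERgZeU0Q1XRgzPjAnMQZdN09eV01NNywlNExJAGdqf3QaAQAXCQBPejVzRAIxBilaAitQWy4oMD96bwg2UVJyAT8gNHF8YQsHPw5TAXxOdmhifH5gbAZlBUFXR0U%253D

wltkl.php
hxxp://adultdatingchat.com.au/mgkau/wltkl.php?hk=642526
"""

# Heuristic patterns (my own, not from the thread): wording typical of parked-domain
# landers and of rogue-AV "your system is infected" lures.
PARKED_TEXT = re.compile(r"website is for sale|domain is available for purchase", re.I)
LURE_TEXT = re.compile(r"we check your system|infected|virus|security alert", re.I)
B64_ALPHABET = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
LONG_PARAM = 32  # query values at least this long are worth a decode attempt


def parse_history(text):
    """Split the post's blank-line-separated 'title / URL' blocks into (title, url) tuples."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) >= 2:
            entries.append((lines[0], lines[-1]))
    return entries


def refang(url):
    """Undo the hxxp:// defanging so urlsplit recognises the scheme."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.I)


def is_ip_literal(host):
    """True when the host part is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def decode_b64_param(value):
    """Decode a base64 query value to text; None if it is not base64 or not readable ASCII.
    The hops in this chain double percent-encode padding (%253D -> %3D -> '='), so
    unquote until the value stops changing before checking the alphabet."""
    for _ in range(3):
        new = unquote(value)
        if new == value:
            break
        value = new
    if not B64_ALPHABET.match(value):
        return None
    padded = value + "=" * (-len(value) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None  # opaque: encrypted/obfuscated payload rather than plain tracking data


def triage(entries):
    """Annotate each (title, url) with the indicators a responder would check first."""
    findings = []
    for title, url in entries:
        parts = urlsplit(refang(url))
        host = parts.hostname or ""
        flags, decoded = [], {}
        if is_ip_literal(host):
            flags.append("ip-literal host")
        if PARKED_TEXT.search(title):
            flags.append("parked-domain lander")
        if LURE_TEXT.search(title):
            flags.append("scareware lure text")
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if len(value) >= LONG_PARAM:
                decoded[key] = decode_b64_param(value)
                flags.append(f"long query param {key}" + ("" if decoded[key] else " (opaque)"))
        findings.append({"title": title, "host": host, "flags": flags, "decoded": decoded})
    return findings


def flagged_hosts(findings):
    """Hosts that carried at least one flag, in first-seen order: the visible redirect chain."""
    seen, chain = set(), []
    for f in findings:
        if f["flags"] and f["host"] not in seen:
            seen.add(f["host"])
            chain.append(f["host"])
    return chain


if __name__ == "__main__":
    results = triage(parse_history(SAMPLE_HISTORY))
    for f in results:
        print(f["host"], f["flags"], {k: (v[:60] if v else None) for k, v in f["decoded"].items()})
    print("chain:", " -> ".join(flagged_hosts(results)))
```

    Run as-is it shows the parked page's `ses` value decoding to readable key=value tracking data (keyword, position, domain), while the `q` values on the two IP-hosted `index.php` hops come back opaque, which is the usual shape for a traffic-distribution hop feeding a scareware lander. An IP-literal host on its own is only a coarse indicator; it is the combination with the lure title and the non-cancellable download prompt the poster describes that makes this chain worth blocking and the downloaded file worth hashing before any cleanup.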
     
  2. 2010/08/03
    mailman (Thread Starter)
    I exited out of WinPatrol before running DDS from the desktop.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 17:57:18.15 on Tue 08/03/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.179 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Logitech Vid\vid.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    c:\program files\logitech\logitech webcam software\lu\lulnchr.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\logitech\logitech webcam software\lu\LogitechUpdate.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydial/*http://www.yahoo.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_3_12_0.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
    TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_3_12_0.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
    EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [BackupNotify] c:\program files\hp\digital imaging\bin\backupnotify.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe "
    mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
    mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [VTTimer] VTTimer.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [PS2] c:\windows\system32\ps2.exe
    mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg SchedulerV2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
    DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38198.7559722222
    DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
    DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxsrvc.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1hsb50lg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
    FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-26 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 74480]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-7-17 353672]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-26 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-26 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-26 56816]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-3-30 93320]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]
    S2 mrtRate;mrtRate; [x]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
    S4 0213051256338582mcinstcleanup;McAfee Application Installer Cleanup (0213051256338582);c:\windows\temp\021305~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\021305~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

    =============== Created Last 30 ================

    2010-07-20 01:52:44 0 d-----w- c:\program files\iPod
    2010-07-20 01:52:05 0 d-----w- c:\program files\iTunes
    2010-07-15 07:07:51 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-07-14 20:49:14 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 21:58:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-07-12 21:54:30 0 d-----r- c:\program files\Skype
    2010-07-12 21:12:53 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-07-12 21:12:27 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
    2010-07-12 21:12:27 539160 ----a-r- c:\windows\system32\LVUI2.dll
    2010-07-12 21:12:27 416280 ----a-r- c:\windows\system32\lvcodec2.dll
    2010-07-12 21:12:25 266828 ----a-r- c:\windows\system32\drivers\LVAFT.cfg
    2010-07-12 21:12:22 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
    2010-07-12 21:12:16 34068 ----a-r- c:\windows\system32\Repository.reg
    2010-07-12 21:12:15 82289 ----a-r- c:\windows\system32\lvcoinst.ini
    2010-07-12 21:12:15 199192 ----a-w- c:\windows\system32\lvci12101110.dll
    2010-07-12 21:12:14 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
    2010-07-12 21:12:14 114712 ----a-r- c:\windows\system32\drivers\lvpopflt.sys
    2010-07-12 21:09:47 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-07-12 21:09:15 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
    2010-07-12 20:59:47 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2010-07-12 20:59:47 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2010-07-12 20:59:31 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-07-12 20:59:31 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2010-07-12 20:59:31 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
    2010-07-12 20:59:31 20992 ----a-w- c:\windows\system32\dshowext.ax
    2010-07-12 20:59:24 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-07-12 20:59:24 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    ==================== Find3M ====================

    2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2004-07-26 22:23:27 0 --sha-w- c:\windows\sminst\HPCD.sys

    ============= FINISH: 17:58:40.42 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/26/2004 3:27:51 PM
    System Uptime: 8/3/2010 3:28:31 PM (2 hours ago)

    Motherboard: ASUSTek Computer INC. | | Kelut
    Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2083/167mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 70 GiB total, 37.894 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 0.722 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1465: 5/5/2010 7:45:11 PM - System Checkpoint
    RP1466: 5/6/2010 8:30:04 PM - System Checkpoint
    RP1467: 5/7/2010 9:24:33 PM - System Checkpoint
    RP1468: 5/8/2010 10:25:39 PM - System Checkpoint
    RP1469: 5/9/2010 10:49:34 PM - System Checkpoint
    RP1470: 5/10/2010 11:39:26 PM - System Checkpoint
    RP1471: 5/12/2010 12:24:35 AM - System Checkpoint
    RP1472: 5/12/2010 3:01:11 AM - Software Distribution Service 3.0
    RP1473: 5/13/2010 3:29:48 AM - System Checkpoint
    RP1474: 5/14/2010 3:43:21 AM - System Checkpoint
    RP1475: 5/15/2010 5:17:57 AM - System Checkpoint
    RP1476: 5/16/2010 5:30:00 AM - System Checkpoint
    RP1477: 5/17/2010 6:49:18 AM - System Checkpoint
    RP1478: 5/18/2010 7:29:55 AM - System Checkpoint
    RP1479: 5/19/2010 8:30:51 AM - System Checkpoint
    RP1480: 5/20/2010 9:29:28 AM - System Checkpoint
    RP1481: 5/21/2010 10:29:28 AM - System Checkpoint
    RP1482: 5/22/2010 11:29:27 AM - System Checkpoint
    RP1483: 5/23/2010 12:30:36 PM - System Checkpoint
    RP1484: 5/24/2010 1:54:16 PM - System Checkpoint
    RP1485: 5/25/2010 2:29:27 PM - System Checkpoint
    RP1486: 5/26/2010 3:29:07 PM - System Checkpoint
    RP1487: 5/27/2010 3:00:30 AM - Software Distribution Service 3.0
    RP1488: 5/28/2010 3:38:51 AM - System Checkpoint
    RP1489: 5/29/2010 3:42:12 AM - System Checkpoint
    RP1490: 5/30/2010 5:41:17 AM - System Checkpoint
    RP1491: 5/31/2010 6:28:24 AM - System Checkpoint
    RP1492: 6/1/2010 8:50:09 AM - System Checkpoint
    RP1493: 6/2/2010 9:15:37 AM - System Checkpoint
    RP1494: 6/3/2010 10:15:38 AM - System Checkpoint
    RP1495: 6/4/2010 11:15:40 AM - System Checkpoint
    RP1496: 6/5/2010 12:59:40 PM - System Checkpoint
    RP1497: 6/6/2010 1:16:48 PM - System Checkpoint
    RP1498: 6/7/2010 2:15:26 PM - System Checkpoint
    RP1499: 6/8/2010 2:23:26 PM - System Checkpoint
    RP1500: 6/9/2010 3:22:47 PM - System Checkpoint
    RP1501: 6/10/2010 3:01:16 AM - Software Distribution Service 3.0
    RP1502: 6/11/2010 3:44:41 AM - System Checkpoint
    RP1503: 6/12/2010 5:13:24 AM - System Checkpoint
    RP1504: 6/13/2010 5:25:21 AM - System Checkpoint
    RP1505: 6/14/2010 6:25:19 AM - System Checkpoint
    RP1506: 6/15/2010 7:25:13 AM - System Checkpoint
    RP1507: 6/16/2010 8:25:18 AM - System Checkpoint
    RP1508: 6/17/2010 9:25:20 AM - System Checkpoint
    RP1509: 6/18/2010 9:26:05 AM - System Checkpoint
    RP1510: 6/19/2010 10:24:59 AM - System Checkpoint
    RP1511: 6/20/2010 12:29:15 PM - System Checkpoint
    RP1512: 6/21/2010 1:24:58 PM - System Checkpoint
    RP1513: 6/22/2010 1:59:33 PM - System Checkpoint
    RP1514: 6/23/2010 2:00:41 PM - System Checkpoint
    RP1515: 6/24/2010 2:59:32 PM - System Checkpoint
    RP1516: 6/25/2010 3:59:34 PM - System Checkpoint
    RP1517: 6/26/2010 4:59:33 PM - System Checkpoint
    RP1518: 6/27/2010 5:59:34 PM - System Checkpoint
    RP1519: 6/28/2010 7:00:41 PM - System Checkpoint
    RP1520: 6/29/2010 8:09:04 PM - System Checkpoint
    RP1521: 6/30/2010 9:03:52 PM - System Checkpoint
    RP1522: 7/1/2010 10:03:59 PM - System Checkpoint
    RP1523: 7/2/2010 11:03:52 PM - System Checkpoint
    RP1524: 7/4/2010 12:04:01 AM - System Checkpoint
    RP1525: 7/5/2010 1:03:53 AM - System Checkpoint
    RP1526: 7/9/2010 1:26:57 PM - System Checkpoint
    RP1527: 7/10/2010 2:02:36 PM - System Checkpoint
    RP1528: 7/11/2010 2:05:11 PM - System Checkpoint
    RP1529: 7/12/2010 2:50:30 PM - System Checkpoint
    RP1530: 7/12/2010 5:07:11 PM - Logitech Webcam Software v12.10.1110
    RP1531: 7/13/2010 6:40:21 PM - System Checkpoint
    RP1532: 7/15/2010 3:06:01 AM - Software Distribution Service 3.0
    RP1533: 7/16/2010 9:40:22 AM - System Checkpoint
    RP1534: 7/17/2010 3:00:42 AM - Software Distribution Service 3.0
    RP1535: 7/18/2010 3:17:20 AM - System Checkpoint
    RP1536: 7/19/2010 3:58:44 AM - System Checkpoint
    RP1537: 7/20/2010 5:22:50 AM - System Checkpoint
    RP1538: 7/21/2010 5:34:48 AM - System Checkpoint
    RP1539: 7/22/2010 5:58:47 AM - System Checkpoint
    RP1540: 7/23/2010 6:58:46 AM - System Checkpoint
    RP1541: 7/24/2010 7:58:31 PM - System Checkpoint
    RP1542: 7/25/2010 8:25:05 PM - System Checkpoint
    RP1543: 7/26/2010 8:25:51 PM - System Checkpoint
    RP1544: 7/27/2010 8:58:23 PM - System Checkpoint
    RP1545: 7/28/2010 9:58:23 PM - System Checkpoint
    RP1546: 7/30/2010 12:01:11 AM - System Checkpoint
    RP1547: 7/31/2010 12:13:48 AM - System Checkpoint
    RP1548: 8/1/2010 1:13:53 AM - System Checkpoint
    RP1549: 8/2/2010 1:14:53 AM - System Checkpoint
    RP1550: 8/3/2010 2:13:43 AM - System Checkpoint

    ==== Installed Programs ======================


    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Download Manager
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Agere Systems PCI Soft Modem
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Panorama Maker 3
    ArcSoft PhotoImpression
    Avira AntiVir Personal - Free Antivirus
    Belarc Advisor 7.2
    Blackhawk Striker from Hewlett-Packard Desktops (remove only)
    Blasterball 2 from Hewlett-Packard Desktops (remove only)
    Bonjour
    Bounce Symphony from Hewlett-Packard Desktops (remove only)
    BroadJump Client Foundation
    CameraDrivers
    CodeStuff Starter
    Copy
    CreativeProjects
    Crystal Maze from Hewlett-Packard Desktops (remove only)
    Director
    DocProc
    Easy Internet Sign-up
    EPSON Online Reference Guide
    EPSON Printer Software
    Fax
    Film Factory
    Five Card Frenzy from Hewlett-Packard Desktops (remove only)
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Image Zone 3.5
    HP Image Zone Plus 3.5
    HP Instant Support
    HP Organize
    HP Photo & Imaging 3.5 - HP Devices
    HP PSC & OfficeJet 3.5
    HP Software Update
    HP Unload DLL Patch
    hpg2436
    hpg3970
    hpg4600
    hpg5530
    hpg8200
    HPIZ350
    hpmdtab
    HpSdpAppCoreApp
    HPSystemDiagnostics
    InstantShare
    IntelliMover Data Transfer Demo
    InterVideo WinDVD Creator 2
    InterVideo WinDVD Player
    iTunes
    Karen's Hasher
    KBD
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    McAfee Security Scan
    McAfee SiteAdvisor
    Memories Disc Creator 2.0
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Data Access Components KB870669
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Standard Edition 2003
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft Plus! Digital Media Edition
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works 7.0
    MobileMe Control Panel
    Mozilla Firefox (3.6.8)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Orbital from Hewlett-Packard Desktops (remove only)
    Otto from Hewlett-Packard Desktops (remove only)
    Overball from Hewlett-Packard Desktops (remove only)
    overland
    PC-Doctor for Windows
    PHOTOfunSTUDIO -viewer-
    PhotoGallery
    Photosmart 140,240,7200,7600,7700,7900 Series
    Polar Bowler from Hewlett-Packard Desktops (remove only)
    PrintScreen
    PS2
    PSShortcutsP
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    Quicken 2004
    QuickProjects
    QuickTime
    Readme
    RealOne Player
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    Safari
    SBC Self Support Tool
    SBC Yahoo! Applications
    SBC Yahoo! Dial Setup and Installs
    Scan
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    SkinsHP1
    SkinsHP2
    Skype Toolbars
    Skype™ 4.2
    Slyder from Hewlett-Packard Desktops (remove only)
    Spybot - Search & Destroy
    SpywareBlaster 4.2
    SUPERAntiSpyware Free Edition
    Toolkit View(HP)
    Tradewinds from Hewlett-Packard Desktops (remove only)
    TrayApp
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Updates from HP
    VC 9.0 Runtime
    VIA Rhine-Family Fast Ethernet Adapter
    VIA/S3G Display Driver
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Service Pack 3
    WinPatrol 2009
    Word Symphony from Hewlett-Packard Desktops (remove only)
    Word XML Toolbox for Microsoft Office Word 2003
    Yahoo! Install Manager
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    8/3/2010 3:33:56 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/3/2010 3:33:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    8/1/2010 4:09:26 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    7/29/2010 11:11:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIF
    7/29/2010 11:11:34 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     


  4. 2010/08/03
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    BTW, she is using an MVPS HOSTS file I placed there a year ago.
     
  5. 2010/08/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/08/05
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    After I submitted this report, I attempted to print this thread for the computer owner. The print never occurred (even while allowing time for dinner). I canceled the print job and rebooted the computer. This caused the ONE critical update that was waiting for shutdown to then be installed.

    My friend's son and his friends were apparently looking at YouTube vids since I started this thread. I do not know whether or not they downloaded any "codecs" or such.

    Today, when I started to download MBAM, I got three successive AntiVir Guard alert popup windows:

    The two other successive windows were the same warning for the following files:
    • C:\Downloads\inst(2).exe
    • C:\Downloads\inst.exe

    EDIT: The AntiVir Guard popup windows appeared again when I accessed the downloads folder to move the MBAM install file to the desktop.

    EDIT(2): The AntiVir Guard popup windows appeared for the same three files again during the MBAM Quick Scan. However, MBAM did NOT flag on those files during the scan.

    Edit(3): File Size/Date/Time Information
    • C:\Downloads\inst(2).exe 1,119 KB 8/3/2010 4:01 PM
    • C:\Downloads\inst(3).exe 1,119 KB 8/3/2010 4:02 PM
    • C:\Downloads\inst.exe 1,119 KB 8/3/2010 3:57 PM

    I'm *guessing* these may be drive-by downloads that occurred when my friend accessed the "christianmanifesto.com" or index.php URLs identified in my original post.
     
    Last edited: 2010/08/05
  7. 2010/08/05
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4395

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/5/2010 4:06:53 PM
    mbam-log-2010-08-05 (16-06-53).txt

    Scan type: Quick scan
    Objects scanned: 156568
    Time elapsed: 21 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. 2010/08/05
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    The GMER scan lasted for HOURS. :)

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-05 19:23:04
    Windows 5.1.2600 Service Pack 3
    Running: q6hb1r46.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\axpyikoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF56C3FC0]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF56C0C80]
    SSDT F7CED90E ZwCreateKey
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF56C4580]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF56D8900]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF56D8B10]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF56DCB10]
    SSDT F7CED904 ZwCreateThread
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF56C4670]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF56C1210]
    SSDT F7CED913 ZwDeleteKey
    SSDT F7CED91D ZwDeleteValueKey
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF56D8280]
    SSDT F7CED922 ZwLoadKey
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF56DBF90]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF56C1070]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF56DA180]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF56D9F40]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF56DC6F0]
    SSDT F7CED92C ZwReplaceKey
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF56C3BE0]
    SSDT F7CED927 ZwRestoreKey
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF56C4190]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF56C1440]
    SSDT F7CED918 ZwSetValueKey
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF56D9200]
    SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF56D9080]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [80, 45, 6C, F5, 00, 89, 6D, ...] {ADD BYTE [EBP+0x6c], 0xf5; ADD [ECX-0x74ef0a93], CL; INSD ; CMC }
    ? srescan.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3864] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3952] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F56C8B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F56C8930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F56C9260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F56C6E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F56C6E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F56C8B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F56C8930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F56C9260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F56C8B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F56C6E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F56C9260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F56C8930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F56C9260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F56C8930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F56C8B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F56C6E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F56C8B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F56C8930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F56C9260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F56C9260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F56C8930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F56C6E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F56C8B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F56E1B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F56C8B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F56C6E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F56C9260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F56C8930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F56C18D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F56C1A80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F56C15E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F56C1980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D92F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D92C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D92CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D92CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00EF2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00EF2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00EF2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1928] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00EF2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01B62F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01B62C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01B62CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech Vid\vid.exe[2052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01B62CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02F82F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02F82C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02F82CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Skype\Phone\Skype.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02F82CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???Ais???J?J?K??FASTDETECT NOEXECUTE=OPTIN?SAFEBOOT:MINIMAL SOS BOOTLOG NOGUIBOOT?7-0??? ???????????????????????????????????T??????????????????????disk_install?@??? ??????????????????? ???A??????????na??5.1.2600.0???@????????? ? ? ? ? ?A????B??A???>??????????usb\class_08&subclass_06&prot_50????? 0??A??????????? ??USB Mass Storage Device????????A?A?A?A?A?A?A?A?A.2??? ???????,???????????A???????? ?????????e.??? ???A???@?????@? ??? ???????0??????t0???????????\??????4B???????????-???????5??? ??????????????&???Disk drive?A?A??? ???A???0???????A??5.1.2535.0?800???????????@??????????? ?A?A?A?A?A?A?A?A??? ???A??????????&??????????????????????>???????A#????A??? ???????A??????????????????????????'????????????????????}??????????????????????????????????????????????????????????????????????????????????????????? ???????????????????????????????????????f???????????????????????!???????????????????????????!??? ???????b???????????????? ?????????????????????????? ???????A?????%?????E???? "???&??????????????????????????>?????????

    ---- EOF - GMER 1.0.15 ----
     
  9. 2010/08/05
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 128):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7AE9000 \WINDOWS\system32\KDCOM.DLL
    0xF79F9000 \WINDOWS\system32\BOOTVID.dll
    0xF759A000 ACPI.sys
    0xF7AEB000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF7589000 pci.sys
    0xF75E9000 isapnp.sys
    0xF7BB1000 pciide.sys
    0xF7869000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF7AED000 viaide.sys
    0xF7AEF000 intelide.sys
    0xF75F9000 MountMgr.sys
    0xF756A000 ftdisk.sys
    0xF7871000 PartMgr.sys
    0xF7609000 VolSnap.sys
    0xF7552000 atapi.sys
    0xF752F000 fasttx2k.sys
    0xF7517000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
    0xF7619000 disk.sys
    0xF7629000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF74F7000 fltmgr.sys
    0xF74E5000 sr.sys
    0xF7639000 PxHelp20.sys
    0xF74CE000 KSecDD.sys
    0xF7441000 Ntfs.sys
    0xF7414000 NDIS.sys
    0xF7879000 viaagp1.sys
    0xF7400000 srescan.sys
    0xF7649000 SISAGPX.sys
    0xF7659000 ohci1394.sys
    0xF7669000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xF73E6000 Mup.sys
    0xF7699000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xF76B9000 \SystemRoot\System32\DRIVERS\amdk7.sys
    0xF6CBA000 \SystemRoot\System32\DRIVERS\vtmini.sys
    0xF6CA6000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF6B70000 \SystemRoot\System32\DRIVERS\AGRSM.sys
    0xF7941000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF76C9000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF7ABD000 \SystemRoot\system32\drivers\pfc.sys
    0xF76D9000 \SystemRoot\System32\Drivers\AFS2K.SYS
    0xF76E9000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF76F9000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF6B4D000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF7949000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    0xF7951000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF6B29000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF7959000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF68FC000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF68D8000 \SystemRoot\system32\drivers\portcls.sys
    0xF7709000 \SystemRoot\system32\drivers\drmk.sys
    0xF7719000 \SystemRoot\System32\DRIVERS\fetnd5bv.sys
    0xF7729000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF7AC5000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF68C4000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF7739000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF7961000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF7ACD000 \SystemRoot\System32\DRIVERS\PS2.sys
    0xF7969000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF7D0C000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF7749000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF7AD1000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF68AD000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF7759000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF7769000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7971000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF689C000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF7779000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7979000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7981000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF7789000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7B17000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF6816000 \SystemRoot\System32\DRIVERS\update.sys
    0xF7AE1000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF7799000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF77B9000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7B19000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF7B21000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7CA4000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B23000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7991000 \SystemRoot\System32\drivers\vga.sys
    0xF7B25000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B27000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7999000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF79A1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7A7D000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF578E000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF5735000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF570D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF56A2000 \SystemRoot\System32\vsdatant.sys
    0xF567C000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF77C9000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF77D9000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xF55BA000 \SystemRoot\System32\drivers\afd.sys
    0xF77E9000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF79A9000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xF7A95000 \SystemRoot\System32\DRIVERS\srvkp.sys
    0xF5595000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0xF79B1000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xF556A000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF54FA000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF7809000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7CDD000 \SystemRoot\System32\Drivers\BANTExt.sys
    0xF54DE000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7B2D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF5492000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF79B9000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    0xF76A9000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF547A000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7BAD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF54BA000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF78C9000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7BED000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\vtdisp.dll
    0xF0B26000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xF0B66000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF0851000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF074C000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF08EE000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7BAB000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xEFEAE000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF7901000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
    0xEEC93000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\axpyikoc.sys
    0xEEC68000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 54):
    0 System Idle Process
    4 System
    576 C:\WINDOWS\system32\smss.exe
    652 csrss.exe
    676 C:\WINDOWS\system32\winlogon.exe
    720 C:\WINDOWS\system32\services.exe
    732 C:\WINDOWS\system32\lsass.exe
    912 C:\WINDOWS\system32\svchost.exe
    980 svchost.exe
    1068 C:\WINDOWS\system32\svchost.exe
    1136 svchost.exe
    1296 svchost.exe
    1332 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    1672 C:\WINDOWS\system32\spoolsv.exe
    1720 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1740 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1840 svchost.exe
    544 C:\WINDOWS\explorer.exe
    1196 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1260 C:\Program Files\Bonjour\mDNSResponder.exe
    1356 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    1540 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    1592 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1800 C:\WINDOWS\system32\svchost.exe
    428 C:\WINDOWS\system\hpsysdrv.exe
    548 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    348 C:\WINDOWS\system32\hphmon05.exe
    468 C:\hp\KBD\kbd.exe
    856 C:\WINDOWS\system32\VTTimer.exe
    480 C:\WINDOWS\AGRSMMSG.exe
    1200 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    516 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1268 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    1408 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    1928 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    1940 C:\Program Files\iTunes\iTunesHelper.exe
    1704 C:\WINDOWS\system32\ctfmon.exe
    2052 C:\Program Files\Logitech\Logitech Vid\Vid.exe
    2100 C:\Program Files\Skype\Phone\Skype.exe
    2400 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2448 C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    2476 C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
    2568 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    3068 alg.exe
    3132 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    3488 C:\Program Files\iPod\bin\iPodService.exe
    3932 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    2828 C:\Program Files\Logitech\Logitech Vid\LU\LULnchr.exe
    3576 C:\Program Files\Logitech\Logitech Vid\LU\LogitechUpdate.exe
    2380 C:\Program Files\QuickTime\QTTask.exe
    3004 C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    3952 C:\Program Files\Mozilla Firefox\firefox.exe
    3688 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    3752 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`32d92000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST380011A, Rev: 3.08

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: EC5B6F4B08268D5344F30BFF61C8B587F034795B


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    ====================================

    Since I do not know whether to hit Y or N, I am leaving the command prompt window open until you let me know what to do.
     
  10. 2010/08/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Just for future reference... surely, all programs I ask you to download are perfectly healthy and safe, so if any security program complains, simply disregard any warnings.

    Rerun MBRCheck.
    Enter 'Y' and hit ENTER for more options and select option "2".
    When asked for physical disk number, enter 0 (zero).
    Next, enter 1 (Windows XP) for MBR code.
    Post resulting log.
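    For readers who want to verify an MBR dump themselves rather than rely on the "Unknown MBR code" verdict, here is an added example in Python. It is not part of this thread and not MBRCheck's own code; it parses a 512-byte MBR image (such as one written by MBRCheck option [1]), validates the 0x55AA signature, hashes the boot code and the partition table separately, decodes the partition entries, and compares two dumps. The sample sector is constructed: its partition layout mirrors the offsets in the MBRCheck log above (D: at 0x7e00 is LBA 63, C: at 0x132d92000 is LBA 10054800), while the boot code, the disk signature and the total sector count are made up. Which bytes MBRCheck feeds into its SHA1 is not stated on the page, so the hashes below will not match the one in the log; the point is that a bootkit that replaces boot code usually leaves the partition table untouched, so the two hashes should be tracked separately.

```python
"""Inspect a 512-byte MBR image: signature check, separate hashes for boot
code and partition table, partition decoding, and a before/after compare.
Added example (not from the thread or from MBRCheck)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0-439: executable boot code
PTABLE_OFFSET = 446          # bytes 446-509: four 16-byte partition entries
PTABLE_LEN = 64
SIGNATURE = b"\x55\xAA"      # bytes 510-511

# SHA-1 hashes of boot code you trust, taken from your own dump of a
# known-clean disk. Constructed as empty here: nothing is trusted by default.
KNOWN_GOOD_BOOTCODE_SHA1 = set()


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition entry (LBA fields are little-endian)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
        "byte_offset": lba_start * SECTOR_SIZE,   # what MBRCheck prints per volume
    }


def inspect_mbr(sector: bytes, known_good=KNOWN_GOOD_BOOTCODE_SHA1) -> dict:
    """Return hashes, decoded partitions and a list of findings for one sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    findings = []
    signature_ok = sector[510:512] == SIGNATURE
    if not signature_ok:
        findings.append("missing 0x55AA boot signature")
    bootcode_sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    ptable = sector[PTABLE_OFFSET:PTABLE_OFFSET + PTABLE_LEN]
    ptable_sha1 = hashlib.sha1(ptable).hexdigest().upper()
    if bootcode_sha1 not in known_good:
        findings.append("boot code SHA1 not in allowlist: " + bootcode_sha1)

    partitions = []
    for i in range(4):
        raw = ptable[16 * i:16 * (i + 1)]
        if raw[0] not in (0x00, 0x80):            # only these status bytes are valid
            findings.append(f"entry {i}: invalid status byte 0x{raw[0]:02X}")
        entry = parse_partition_entry(raw)
        if entry["type"] == 0 and entry["sectors"] == 0:
            continue                              # unused slot
        partitions.append(entry)
    if sum(p["bootable"] for p in partitions) != 1:
        findings.append("expected exactly one active (bootable) partition")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in partitions)
    for (_s1, e1), (s2, _e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions overlap at LBA {s2}")
    return {"signature_ok": signature_ok, "bootcode_sha1": bootcode_sha1,
            "ptable_sha1": ptable_sha1, "partitions": partitions,
            "findings": findings}


def compare_dumps(before: bytes, after: bytes) -> dict:
    """Tell boot-code changes apart from partition-table changes."""
    a, b = inspect_mbr(before), inspect_mbr(after)
    return {"boot_code_changed": a["bootcode_sha1"] != b["bootcode_sha1"],
            "partition_table_changed": a["ptable_sha1"] != b["ptable_sha1"]}


def build_sample_mbr() -> bytes:
    """Constructed sample, not a real dump. Layout mirrors the thread's MBRCheck
    log (FAT32 D: at LBA 63, NTFS C: at LBA 10054800); the boot code is filler
    and the disk size (156301488 sectors) is assumed."""
    boot_code = b"\xEB\x3C\x90" + b"\x90" * (BOOT_CODE_LEN - 3)   # jmp + NOP filler
    disk_signature = b"\x12\x34\x56\x78" + b"\x00\x00"            # made-up NT signature
    entries = (
        struct.pack("<B3sB3sII", 0x00, b"\x01\x01\x00", 0x0B, b"\xFE\xFF\xFF",
                    63, 10054800 - 63),
        struct.pack("<B3sB3sII", 0x80, b"\xFE\xFF\xFF", 0x07, b"\xFE\xFF\xFF",
                    10054800, 156301488 - 10054800),
        b"\x00" * 16, b"\x00" * 16,
    )
    return boot_code + disk_signature + b"".join(entries) + SIGNATURE


if __name__ == "__main__":
    report = inspect_mbr(build_sample_mbr())
    for p in report["partitions"]:
        print(f"type 0x{p['type']:02X} at offset 0x{p['byte_offset']:x} "
              f"bootable={p['bootable']}")
    print("findings:", report["findings"])
```

To run it on a real dump, read the file produced by MBRCheck option [1] (or any 512-byte image) and pass the bytes to `inspect_mbr`; after rewriting the boot code, dump again and feed both images to `compare_dumps` to confirm that only the boot code changed and the partition table did not.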
     
  11. 2010/08/05
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    I had not exited out of the MBRCheck DOS command prompt window because your earlier instructions did not indicate whether to hit Y or N.

    Therefore, I did not "Rerun MBRCheck". I simply continued with the current MBRCheck DOS prompt window according to the instructions you just gave me.

    This time I pressed ENTER to exit after fixing the MBR.

    Here's the complete log from the desktop.


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 128):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7AE9000 \WINDOWS\system32\KDCOM.DLL
    0xF79F9000 \WINDOWS\system32\BOOTVID.dll
    0xF759A000 ACPI.sys
    0xF7AEB000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF7589000 pci.sys
    0xF75E9000 isapnp.sys
    0xF7BB1000 pciide.sys
    0xF7869000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF7AED000 viaide.sys
    0xF7AEF000 intelide.sys
    0xF75F9000 MountMgr.sys
    0xF756A000 ftdisk.sys
    0xF7871000 PartMgr.sys
    0xF7609000 VolSnap.sys
    0xF7552000 atapi.sys
    0xF752F000 fasttx2k.sys
    0xF7517000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
    0xF7619000 disk.sys
    0xF7629000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF74F7000 fltmgr.sys
    0xF74E5000 sr.sys
    0xF7639000 PxHelp20.sys
    0xF74CE000 KSecDD.sys
    0xF7441000 Ntfs.sys
    0xF7414000 NDIS.sys
    0xF7879000 viaagp1.sys
    0xF7400000 srescan.sys
    0xF7649000 SISAGPX.sys
    0xF7659000 ohci1394.sys
    0xF7669000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
    0xF73E6000 Mup.sys
    0xF7699000 \SystemRoot\System32\DRIVERS\nic1394.sys
    0xF76B9000 \SystemRoot\System32\DRIVERS\amdk7.sys
    0xF6CBA000 \SystemRoot\System32\DRIVERS\vtmini.sys
    0xF6CA6000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF6B70000 \SystemRoot\System32\DRIVERS\AGRSM.sys
    0xF7941000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF76C9000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF7ABD000 \SystemRoot\system32\drivers\pfc.sys
    0xF76D9000 \SystemRoot\System32\Drivers\AFS2K.SYS
    0xF76E9000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF76F9000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF6B4D000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF7949000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys
    0xF7951000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF6B29000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF7959000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF68FC000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF68D8000 \SystemRoot\system32\drivers\portcls.sys
    0xF7709000 \SystemRoot\system32\drivers\drmk.sys
    0xF7719000 \SystemRoot\System32\DRIVERS\fetnd5bv.sys
    0xF7729000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF7AC5000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF68C4000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF7739000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF7961000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF7ACD000 \SystemRoot\System32\DRIVERS\PS2.sys
    0xF7969000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF7D0C000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF7749000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF7AD1000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF68AD000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF7759000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF7769000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7971000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF689C000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF7779000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7979000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7981000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF7789000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7B17000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF6816000 \SystemRoot\System32\DRIVERS\update.sys
    0xF7AE1000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF7799000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF77B9000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7B19000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF7B21000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7CA4000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B23000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7991000 \SystemRoot\System32\drivers\vga.sys
    0xF7B25000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B27000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7999000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF79A1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7A7D000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF578E000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF5735000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF570D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF56A2000 \SystemRoot\System32\vsdatant.sys
    0xF567C000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF77C9000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF77D9000 \SystemRoot\System32\DRIVERS\arp1394.sys
    0xF55BA000 \SystemRoot\System32\drivers\afd.sys
    0xF77E9000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF79A9000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xF7A95000 \SystemRoot\System32\DRIVERS\srvkp.sys
    0xF5595000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0xF79B1000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xF556A000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF54FA000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF7809000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7CDD000 \SystemRoot\System32\Drivers\BANTExt.sys
    0xF54DE000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7B2D000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF5492000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF79B9000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
    0xF76A9000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF547A000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7BAD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF54BA000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF78C9000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7BED000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\vtdisp.dll
    0xF0B26000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xF0B66000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF0851000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF074C000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF08EE000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7BAB000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xEFEAE000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF7901000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
    0xEEC93000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\axpyikoc.sys
    0xEEC68000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 54):
    0 System Idle Process
    4 System
    576 C:\WINDOWS\system32\smss.exe
    652 csrss.exe
    676 C:\WINDOWS\system32\winlogon.exe
    720 C:\WINDOWS\system32\services.exe
    732 C:\WINDOWS\system32\lsass.exe
    912 C:\WINDOWS\system32\svchost.exe
    980 svchost.exe
    1068 C:\WINDOWS\system32\svchost.exe
    1136 svchost.exe
    1296 svchost.exe
    1332 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    1672 C:\WINDOWS\system32\spoolsv.exe
    1720 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1740 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1840 svchost.exe
    544 C:\WINDOWS\explorer.exe
    1196 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1260 C:\Program Files\Bonjour\mDNSResponder.exe
    1356 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    1540 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    1592 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    1800 C:\WINDOWS\system32\svchost.exe
    428 C:\WINDOWS\system\hpsysdrv.exe
    548 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    348 C:\WINDOWS\system32\hphmon05.exe
    468 C:\hp\KBD\kbd.exe
    856 C:\WINDOWS\system32\VTTimer.exe
    480 C:\WINDOWS\AGRSMMSG.exe
    1200 C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    516 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1268 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    1408 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    1928 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    1940 C:\Program Files\iTunes\iTunesHelper.exe
    1704 C:\WINDOWS\system32\ctfmon.exe
    2052 C:\Program Files\Logitech\Logitech Vid\Vid.exe
    2100 C:\Program Files\Skype\Phone\Skype.exe
    2400 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2448 C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    2476 C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
    2568 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    3068 alg.exe
    3132 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    3488 C:\Program Files\iPod\bin\iPodService.exe
    3932 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    2828 C:\Program Files\Logitech\Logitech Vid\LU\LULnchr.exe
    3576 C:\Program Files\Logitech\Logitech Vid\LU\LogitechUpdate.exe
    2380 C:\Program Files\QuickTime\QTTask.exe
    3004 C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    3952 C:\Program Files\Mozilla Firefox\firefox.exe
    3688 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    3752 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`32d92000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: ST380011A, Rev: 3.08

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: EC5B6F4B08268D5344F30BFF61C8B587F034795B


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  12. 2010/08/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Please reboot and let me know how the computer is doing. Any nagging messages?
    We'll go from there.
     
  13. 2010/08/05
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    I had restarted (rather than shut down/cold boot) according to the MBRCheck instructions to complete the MBR fix.

    This computer typically takes a long time to boot so I walked away right after entering the Windows password. (The computer has only 1MB RAM and apparently lots of memory-resident apps that load at startup.)

    I returned after reading your reply. (I was monitoring this thread with cell phone.) :)

    There was a ZoneAlarm alert that McAfee SiteAdvisor wanted to connect to the Internet. I checked the "remember" checkbox and allowed it.

    Otherwise, no other popup windows.

    I'm tempted to have AntiVir ignore one of the inst.exe files so I can save it to a USB drive and then upload it (later) to VirusTotal and/or Jotti. But I'll resist unless I get the OK from you. ;)

    (I expect AntiVir Guard will alert any time I access the C:\Downloads folder.)

    Awaiting your next instruction...
     
    Last edited: 2010/08/05
  14. 2010/08/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Any reason you can't upload those files from THIS computer?

    Good news, though :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. 2010/08/05
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    I did not choose to access the C:\Downloads folder and tell AntiVir to ignore those inst.exe files because I do not know whether or not doing so would allow resident malware to "do its deed."

    Anyway, I will perform only the actions you tell me to.

    ==========

    The ComboFix process took about 1 hour 15 minutes total and went through 50 stages.

    After ComboFix initiated its shutdown (for automatic reboot), an empty "Skype" window appeared near the upper left of the screen. Shortly after that, a catchme.cfxxe window popped up saying something like, "catchme.cfxxe failed to initialize because Windows is shutting down." I did not have time to write down everything before the computer rebooted.

    WinPatrol alerted to an IE start page change. (I think it was the start page anyway.)
    I allowed it.

    WinPatrol alerted to a HOSTS file change.
    I allowed it.

    MBAM alerted:
    [Shell_NotifyIcon] failed to perform desired action. Error Code: 0
    I clicked the OK button.

    ZoneAlarm alerted that PEV.cfxxe wanted to connect to 192.168.1.254:DNS
    I allowed it.

    After ComboFix finally finished and produced the log file on screen for me, I opened Firefox and was asked whether I want to set Firefox as my default browser. I clicked "Yes" (of course). :)

    Here is the ComboFix log from the screen (which I assume is the same as the one at C:\COMBOFIX.TXT).

    ===============

    ComboFix 10-08-05.02 - Owner 08/05/2010 22:45:11.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.160 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\patch.exe
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
    .

    2010-07-12 21:58 . 2010-08-06 01:42 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
    2010-07-12 21:57 . 2010-08-06 03:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
    2010-07-12 21:54 . 2010-07-12 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-07-12 21:13 . 2010-07-12 21:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
    2010-07-12 21:04 . 2010-07-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-05 19:42 . 2010-08-05 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-03 17:25 . 2008-07-16 22:47 -------- d-----w- c:\program files\Safari
    2010-08-01 17:34 . 2010-07-12 21:12 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-08-01 17:34 . 2010-07-12 21:09 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-07-20 01:54 . 2010-07-20 01:52 -------- d-----w- c:\program files\iTunes
    2010-07-20 01:52 . 2010-07-20 01:52 -------- d-----w- c:\program files\iPod
    2010-07-20 01:52 . 2008-02-17 18:12 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-15 07:07 . 2010-07-15 07:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-07-12 21:58 . 2010-07-12 21:58 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-07-12 21:57 . 2010-07-12 21:55 -------- d-----w- c:\program files\Google
    2010-07-12 21:55 . 2010-07-12 21:54 -------- d-----r- c:\program files\Skype
    2010-07-12 21:54 . 2010-07-12 21:54 -------- d-----w- c:\program files\Common Files\Skype
    2010-07-12 21:20 . 2010-07-12 21:04 -------- d-----w- c:\program files\Common Files\LogiShrd
    2010-07-12 21:14 . 2010-07-12 21:04 -------- d-----w- c:\program files\Logitech
    2010-06-29 04:36 . 2010-06-29 04:36 -------- d-----w- c:\program files\Bonjour
    2010-06-10 07:12 . 2008-08-18 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2004-07-26 22:23 . 2004-07-26 22:23 0 --sha-w- c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify "= "c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
    "Logitech Vid "= "c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
    "HP Component Manager "= "c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "HPHUPD05 "= "c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
    "HPHmon05 "= "c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
    "KBD "= "c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
    "VTTimer "= "VTTimer.exe" [2004-01-16 49152]
    "AGRSMMSG "= "AGRSMMSG.exe" [2004-06-29 88363]
    "PS2 "= "c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "Motive SmartBridge "= "c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    PowerReg SchedulerV2.exe [2007-3-23 256000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
    McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
    PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-8-24 40960]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/5/2010 3:42 PM 20952]
    S2 mrtRate;mrtRate; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1hsb50lg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard
    AddRemove-36317AE4-57EC-4F3E-B828-009A3DD96BE8 - c:\program files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe
    AddRemove-62067F4C-84A9-45B9-8573-B90468B0A3EF - c:\program files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe
    AddRemove-6723E59E-322A-417A-8E03-27A61E18253C - c:\program files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe
    AddRemove-8C4E79CC-03E1-43AA-9910-9A5113F24603 - c:\program files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe
    AddRemove-B8610D19-E576-4F91-8A2F-07898D9CA301 - c:\program files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe
    AddRemove-BFBCBAE3-8293-4215-9C4F-C2402C118EDB - c:\program files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe
    AddRemove-C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A - c:\program files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe
    AddRemove-D11F7128-8CBD-408B-8BF8-034604DEDD42 - c:\program files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe
    AddRemove-DA44615A-C243-46A4-8E47-184CFF33CD38 - c:\program files\WildTangent\Apps\GameChannel\Games\DA44615A-C243-46A4-8E47-184CFF33CD38\Uninstall.exe
    AddRemove-DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292 - c:\program files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe
    AddRemove-E28167F1-3F42-40C7-9119-1D5A97444F10 - c:\program files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe
    AddRemove-F5215F01-DFC0-475D-A910-6F1AF94E807E - c:\program files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-05 23:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(3392)
    c:\windows\system32\WININET.dll
    c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\sched.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files\McAfee\SiteAdvisor\McSACore.exe
    c:\windows\system32\VTTimer.exe
    c:\windows\AGRSMMSG.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\Logitech\Logitech Vid\LU\LULnchr.exe
    c:\program files\Logitech\Logitech Vid\LU\LogitechUpdate.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-05 23:57:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-06 03:56

    Pre-Run: 41,702,187,008 bytes free
    Post-Run: 42,486,677,504 bytes free

    - - End Of File - - 9FC19228357333CE4DB20308FCD8FC83
     
    Last edited: 2010/08/05
  16. 2010/08/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You did perfectly fine :)

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\system32\drivers\logiflt.iad
    c:\windows\system32\ezsidmv.dat
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=-
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation showing CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  17. 2010/08/06
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    I disabled all resident anti-malware (including ZoneAlarm) again and then dragged the script onto the ComboFix desktop icon.

    Then I went upstairs.

    When I returned about 30 minutes later, the log.txt file was on the screen.

    Then I restarted AntiVir and ZoneAlarm and clicked the Firefox quick launch icon.

    While Firefox was busy loading, AntiVir popped up an alert window about a different file with a different trojan ID. I did not have enough time to write it down before it disappeared.

    I closed the log.txt file that was open on the screen.

    Here is the C:\ComboFix.txt log.

    ==========================

    ComboFix 10-08-05.02 - Owner 08/06/2010 0:35.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.172 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    FILE ::
    "c:\windows\system32\drivers\logiflt.iad"
    "c:\windows\system32\drivers\lvuvc.hs"
    "c:\windows\system32\ezsidmv.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\logiflt.iad
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\system32\ezsidmv.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
    .

    2010-08-05 19:42 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-05 19:42 . 2010-08-05 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-05 19:42 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-20 01:52 . 2010-07-20 01:52 -------- d-----w- c:\program files\iPod
    2010-07-20 01:52 . 2010-07-20 01:54 -------- d-----w- c:\program files\iTunes
    2010-07-15 07:07 . 2010-07-15 07:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-07-14 20:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 21:58 . 2010-08-06 04:08 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
    2010-07-12 21:57 . 2010-08-06 04:46 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
    2010-07-12 21:55 . 2010-07-12 21:55 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
    2010-07-12 21:55 . 2010-07-12 21:57 -------- d-----w- c:\program files\Google
    2010-07-12 21:54 . 2010-07-12 21:54 -------- d-----w- c:\program files\Common Files\Skype
    2010-07-12 21:54 . 2010-07-12 21:55 -------- d-----r- c:\program files\Skype
    2010-07-12 21:54 . 2010-07-12 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-07-12 21:14 . 2010-07-12 21:14 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogiShrd
    2010-07-12 21:13 . 2010-07-12 21:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
    2010-07-12 21:12 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
    2010-07-12 21:12 . 2009-10-07 08:48 539160 ----a-r- c:\windows\system32\LVUI2.dll
    2010-07-12 21:12 . 2009-10-07 08:43 416280 ----a-r- c:\windows\system32\lvcodec2.dll
    2010-07-12 21:12 . 2009-10-07 08:49 6756632 ----a-r- c:\windows\system32\drivers\lvuvc.sys
    2010-07-12 21:12 . 2009-10-07 08:24 34068 ----a-r- c:\windows\system32\Repository.reg
    2010-07-12 21:12 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
    2010-07-12 21:12 . 2009-10-07 08:47 266008 ----a-r- c:\windows\system32\drivers\lvrs.sys
    2010-07-12 21:12 . 2009-10-07 08:46 114712 ----a-r- c:\windows\system32\drivers\lvpopflt.sys
    2010-07-12 21:09 . 2009-10-07 08:49 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
    2010-07-12 21:04 . 2010-07-12 21:20 -------- d-----w- c:\program files\Common Files\LogiShrd
    2010-07-12 21:04 . 2010-07-12 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
    2010-07-12 21:04 . 2010-07-12 21:14 -------- d-----w- c:\program files\Logitech
    2010-07-12 20:59 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2010-07-12 20:59 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
    2010-07-12 20:59 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
    2010-07-12 20:59 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
    2010-07-12 20:59 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
    2010-07-12 20:59 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-03 17:25 . 2008-07-16 22:47 -------- d-----w- c:\program files\Safari
    2010-08-03 17:20 . 2010-08-03 17:20 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
    2010-07-20 01:52 . 2008-02-17 18:12 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-20 01:38 . 2010-07-20 01:38 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
    2010-07-09 16:48 . 2007-01-16 16:56 4647111 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-06-29 04:36 . 2010-06-29 04:36 -------- d-----w- c:\program files\Bonjour
    2010-06-14 14:31 . 2004-05-12 06:48 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-10 07:12 . 2008-08-18 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-08 21:16 . 2010-06-08 21:17 3206656 ----a-w- c:\windows\Internet Logs\xDB11.tmp
    2010-06-08 20:38 . 2010-06-08 20:38 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
    2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-12 08:24 . 2010-05-12 08:25 3208704 ----a-w- c:\windows\Internet Logs\xDB10.tmp
    2004-07-26 22:23 . 2004-07-26 22:23 0 --sha-w- c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
    "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
    "VTTimer"="VTTimer.exe" [2004-01-16 49152]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    PowerReg SchedulerV2.exe [2007-3-23 256000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
    McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
    PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-8-24 40960]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YPAGER.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 74480]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/5/2010 3:42 PM 20952]
    S2 mrtRate;mrtRate; [x]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydial/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1hsb50lg.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
    FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-06 00:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-08-06 00:55:58
    ComboFix-quarantined-files.txt 2010-08-06 04:55
    ComboFix2.txt 2010-08-06 03:57

    Pre-Run: 42,497,957,888 bytes free
    Post-Run: 42,480,177,152 bytes free

    - - End Of File - - CCAC27FB7ECDF6C94D7CACEDB6EE90F4
     
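Added example, not part of the thread and not code from ComboFix or its author: a small Python checker for the step broni's post 16 describes and mailman's post 17 carries out. It parses a CFScript (a `File::` list plus a `Registry::` block in which `"Name"=-` means "delete this value") and the ComboFix.txt written after the run, then confirms that every listed file appears under `Other Deletions` and that every value marked for deletion is no longer shown under `Reg Loading Points`. It also lists Run-key entries whose command carries no directory, such as `"VTTimer"="VTTimer.exe"` in the logs above: those are resolved by a path search at logon, so the analyst should confirm which file actually runs. The script and log text embedded below are constructed from the posts above; the section names and the REGEDIT4-style value lines are assumed to look exactly as they do in the posted logs.

```python
import re

# Constructed from broni's CFScript (post 16).
CFSCRIPT = r"""File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\ezsidmv.dat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-
"""

# Constructed excerpt of the post-run ComboFix.txt (post 17), trimmed to the
# sections this check reads.
COMBOFIX_LOG = r"""((((((((((((( Other Deletions )))))))))))))
.

c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\ezsidmv.dat

.
((((((((((((( Reg Loading Points )))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"VTTimer"="VTTimer.exe" [2004-01-16 49152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # ((( Section Name )))
KEY_RE = re.compile(r"^\[(.+)\]$")                    # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')      # "Name"=data
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)     # c:\...


def _take_registry_line(line, registry, key):
    """Feed one REGEDIT4-style line into registry[key][name]; return the current key."""
    m = KEY_RE.match(line)
    if m:
        key = m.group(1).lower()
        registry.setdefault(key, {})
        return key
    m = VALUE_RE.match(line)
    if m and key is not None:
        registry[key][m.group(1).lower()] = m.group(2)
    return key


def parse_cfscript(text):
    """Return {'files': [...], 'registry': {key: {name: data}}}; data '-' means delete."""
    files, registry, mode, key = [], {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                       # File:: / Registry:: directive
            mode, key = line[:-2].lower(), None
        elif mode == "file":
            files.append(line.lower())
        elif mode == "registry":
            key = _take_registry_line(line, registry, key)
    return {"files": files, "registry": registry}


def parse_combofix_log(text):
    """Return {'deleted': set of paths, 'registry': {key: {name: data}}} from ComboFix.txt."""
    deleted, registry, section, key = set(), {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), None
        elif section == "other deletions" and PATH_RE.match(line):
            deleted.add(line.lower())
        elif section == "reg loading points":
            key = _take_registry_line(line, registry, key)
    return {"deleted": deleted, "registry": registry}


def verify_script_applied(script_text, log_text):
    """Everything the script asked for that the post-run log does not confirm."""
    script, log = parse_cfscript(script_text), parse_combofix_log(log_text)
    problems = []
    for path in script["files"]:
        if path not in log["deleted"]:
            problems.append(f"file not listed under Other Deletions: {path}")
    for key, values in script["registry"].items():
        for name, data in values.items():
            if data == "-" and name in log["registry"].get(key, {}):
                problems.append(f"value still present: [{key}] {name}")
    return problems


def bare_autostarts(log_text):
    """Run-key entries whose command has no directory, as (key, name, command) tuples."""
    found = []
    for key, values in parse_combofix_log(log_text)["registry"].items():
        if not key.endswith("\\currentversion\\run"):
            continue
        for name, data in values.items():
            cmd = data.split('"')[1] if data.startswith('"') else data.split()[0]
            if "\\" not in cmd:
                found.append((key, name, cmd))
    return found


if __name__ == "__main__":
    print(verify_script_applied(CFSCRIPT, COMBOFIX_LOG) or "script fully applied")
    print(bare_autostarts(COMBOFIX_LOG))
```

Run against the constructed texts it reports the script as fully applied and lists only the `VTTimer` entry; pointing the two constants at a real CFScript.txt and ComboFix.txt is all that is needed to reuse it. The comparison is case-insensitive because ComboFix prints keys in mixed case between runs (`HKEY_LOCAL_MACHINE` in one place, `hkey_local_machine` in another).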
  18. 2010/08/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix log looks clean :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ===============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. 2010/08/06
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    BTW, I am occasionally seeing a Skype notification on the screen by the clock indicating an apparent Skype user is online.

    ================

    OTL logfile created on: 8/6/2010 2:03:44 AM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    447.00 Mb Total Physical Memory | 200.00 Mb Available Physical Memory | 45.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2050 3000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.73 Gb Total Space | 43.66 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
    Drive D: | 4.79 Gb Total Space | 0.72 Gb Free Space | 15.10% Space Free | Partition Type: FAT32
    Drive E: | 175.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-VP7X3S9CTM
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/08/06 02:02:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2009/07/27 20:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
    PRC - [2009/07/27 11:33:28 | 000,341,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
    PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/04/20 15:34:18 | 000,816,904 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\Logitech Vid\LU\LogitechUpdate.exe
    PRC - [2009/04/20 15:34:00 | 000,300,296 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\Logitech Vid\LU\LULnchr.exe
    PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2009/02/16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/11/16 14:43:16 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
    PRC - [2004/01/16 07:33:44 | 000,049,152 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
    PRC - [2003/12/10 05:52:40 | 000,380,928 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
    PRC - [2003/08/21 07:15:48 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
    PRC - [2001/10/25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/06 02:02:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2009/07/19 18:03:54 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2003/10/07 05:41:56 | 000,081,920 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\SBHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\021305~1.EXE -- (0213051256338582mcinstcleanup) McAfee Application Installer Cleanup (0213051256338582)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/11/06 10:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2003/05/19 15:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)
    SRV - [2001/10/25 02:02:00 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\klif.sys -- (KLIF)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/12/07 11:11:10 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
    DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/10/07 04:46:12 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/08/26 23:16:18 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/06/23 11:01:42 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/06/23 11:01:40 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/16 00:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/11/17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/10/01 11:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/06/29 10:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/01/03 00:05:48 | 000,011,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2004/01/02 23:20:40 | 000,432,000 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2003/12/12 10:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/12/02 22:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
    DRV - [2003/09/19 04:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/07/18 20:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/07/02 15:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2002/10/04 21:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
    DRV - [2001/06/04 17:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cus...sbcydial/*http://www.yahoo.com/search/ie.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/05 21:33:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/03 16:04:48 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 14:49:19 | 000,000,000 | ---D | M]

    [2009/05/27 11:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/02/12 23:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1hsb50lg.default\extensions
    [2007/06/03 04:51:17 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1hsb50lg.default\searchplugins\siteadvisor.xml
    [2010/08/05 22:13:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/12 17:55:35 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

    O1 HOSTS File: ([2010/08/06 00:48:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive Communications, Inc.)
    O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe (Hewlett-Packard Company)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Yahoo! Dictionary - C:\Program Files\Yahoo!\Common [2005/11/03 12:41:45 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! Search - C:\Program Files\Yahoo!\Common [2005/11/03 12:41:45 | 000,000,000 | ---D | M]
    O9 - Extra Button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll (Yahoo! Inc.)
    O9 - Extra 'Tools' menuitem : Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll (Yahoo! Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (Yahoo! Inc.)
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (Yahoo! Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab (Citrix ICA Client)
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Housecall ActiveX 6.5)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38198.7559722222 (Reg Error: Key error.)
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe (Virtools WebPlayer Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/04/01 02:00:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2009/10/16 12:20:11 | 000,000,267 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
    Unable to start service SrService!

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/06 02:01:54 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/08/06 01:30:44 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/05 22:58:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/08/05 15:42:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/05 15:42:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/05 15:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/05 15:21:49 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
    [2010/08/03 13:22:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/07/19 21:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/07/19 21:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/15 03:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2010/07/14 16:49:14 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
    [2010/07/12 17:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\skypePM
    [2010/07/12 17:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Skype
    [2010/07/12 17:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2010/07/12 17:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
    [2010/07/12 17:55:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/07/12 17:54:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/07/12 17:54:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/07/12 17:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2010/07/12 17:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\SightSpeed Recordings
    [2010/07/12 17:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\LogiShrd
    [2010/07/12 17:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2010/07/12 17:12:27 | 000,539,160 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
    [2010/07/12 17:12:27 | 000,539,160 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
    [2010/07/12 17:12:27 | 000,416,280 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
    [2010/07/12 17:12:22 | 006,756,632 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvc.sys
    [2010/07/12 17:12:15 | 000,199,192 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci12101110.dll
    [2010/07/12 17:12:14 | 000,266,008 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvrs.sys
    [2010/07/12 17:12:14 | 000,114,712 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvpopflt.sys
    [2010/07/12 17:09:15 | 000,023,832 | R--- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvcflt.sys
    [2010/07/12 17:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
    [2010/07/12 17:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
    [2010/07/12 17:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2010/07/12 16:59:47 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
    [2010/07/12 16:59:47 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
    [2010/07/12 16:59:31 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
    [2010/07/12 16:59:31 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
    [2010/07/12 16:59:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
    [2010/07/12 16:59:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
    [2010/07/12 16:59:24 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/08/06 02:03:13 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
    [2010/08/06 02:02:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/08/06 01:41:25 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/08/06 01:39:23 | 000,350,192 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/08/06 01:34:41 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2010/08/06 01:33:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/06 01:33:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/06 01:33:50 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/06 01:32:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/08/06 00:48:59 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/06 00:48:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/05 23:08:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/05 21:24:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck_MBR_Backup_08-05-10_21-24-02.bak
    [2010/08/05 19:29:12 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/08/05 16:22:23 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\q6hb1r46.exe
    [2010/08/05 15:42:46 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/05 15:27:47 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
    [2010/08/04 19:22:13 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/08/03 16:25:46 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/08/03 13:25:37 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2010/08/03 13:25:37 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2010/08/02 21:18:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/01 13:30:42 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/07/30 14:09:21 | 000,017,460 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Resume2010x2.docx
    [2010/07/30 13:18:44 | 000,042,062 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Resume 2010.docx
    [2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
    [2010/07/15 03:36:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/12 17:21:18 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Vid.lnk
    [2010/07/12 17:18:00 | 000,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/06 01:41:25 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/08/05 21:24:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck_MBR_Backup_08-05-10_21-24-02.bak
    [2010/08/05 19:29:11 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
    [2010/08/05 16:22:22 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\q6hb1r46.exe
    [2010/08/05 15:42:46 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/03 17:56:22 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/07/30 14:04:52 | 000,017,460 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Resume2010x2.docx
    [2010/07/30 13:18:43 | 000,042,062 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Resume 2010.docx
    [2010/07/19 21:54:22 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/12 17:54:43 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/07/12 17:14:22 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Vid.lnk
    [2010/07/12 17:12:25 | 000,266,828 | R--- | C] () -- C:\WINDOWS\System32\drivers\LVAFT.cfg
    [2010/07/12 17:12:16 | 000,034,068 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
    [2010/07/12 17:12:15 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/07/12 17:05:07 | 000,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
    [2010/02/15 16:26:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
    [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2008/08/24 18:44:25 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/03/15 21:39:16 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2007/03/23 12:49:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
    [2007/03/23 12:39:03 | 000,000,045 | ---- | C] () -- C:\WINDOWS\EPSP825.ini
    [2006/07/17 05:35:07 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2005/10/27 15:16:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2005/10/27 14:09:28 | 000,000,047 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2005/07/07 16:53:18 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2004/05/21 03:15:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2004/05/21 03:15:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2004/05/21 03:15:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2004/05/21 03:15:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2004/05/21 03:15:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2004/05/21 03:15:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2004/04/02 19:33:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2004/04/02 19:33:14 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2004/04/02 19:18:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/04/01 17:32:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2004/04/01 17:32:21 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/04/01 17:32:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2004/04/01 17:29:07 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
    [2004/04/01 17:14:02 | 000,028,734 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/04/01 17:13:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/04/01 04:57:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/04/01 04:50:38 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2004/04/01 03:55:37 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/04/01 03:23:23 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/04/01 03:14:18 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/04/01 03:14:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/04/01 03:12:07 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/04/01 02:03:26 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/04/01 00:50:07 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/03/07 02:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
    [2003/01/08 02:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/04/01 02:00:15 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2004/07/26 16:03:43 | 000,000,286 | ---- | M] () -- C:\BestBuy.txt
    [2004/07/26 15:26:36 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
    [2006/02/07 23:31:14 | 000,000,283 | RHS- | M] () -- C:\boot.ini
    [2002/08/29 08:00:00 | 000,245,920 | RHS- | M] () -- C:\cmldr
    [2010/08/06 00:55:59 | 000,015,679 | ---- | M] () -- C:\ComboFix.txt
    [2004/04/01 02:00:15 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2001/09/06 09:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
    [2010/08/06 01:33:50 | 469,291,008 | -HS- | M] () -- C:\hiberfil.sys
    [2004/04/01 02:00:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2004/08/21 10:07:34 | 000,000,217 | -H-- | M] () -- C:\IPH.PH
    [2004/04/01 02:00:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/02/07 23:23:09 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/31 13:46:16 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/06 01:33:47 | 2149,580,800 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/03/31 17:52:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/03/31 17:52:38 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/03/31 17:52:38 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    < End of report >
     
  20. 2010/08/06
    mailman Geek Member Thread Starter

    OTL Extras logfile created on: 8/6/2010 2:03:44 AM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    447.00 Mb Total Physical Memory | 200.00 Mb Available Physical Memory | 45.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2050 3000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.73 Gb Total Space | 43.66 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
    Drive D: | 4.79 Gb Total Space | 0.72 Gb Free Space | 15.10% Space Free | Partition Type: FAT32
    Drive E: | 175.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-VP7X3S9CTM
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = YBrowser.URL] -- C:\Program Files\Yahoo!\browser\ybrowser.exe (Yahoo!, Inc.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Yahoo!\Messenger\YPAGER.EXE" = C:\Program Files\Yahoo!\Messenger\YPAGER.EXE:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\yserver.exe" = C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
    "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
    "{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
    "{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
    "{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
    "{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
    "{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
    "{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
    "{312CBCD0-3F54-48A5-BCC8-C52DF7CA94BE}" = Word XML Toolbox for Microsoft Office Word 2003
    "{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
    "{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
    "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
    "{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
    "{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
    "{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
    "{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
    "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
    "{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
    "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
    "{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
    "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
    "{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{E142615E-5ED8-4511-9BF0-0284BFA25766}" = ArcSoft PhotoImpression
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
    "{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
    "{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
    "{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
    "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
    "{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BackWeb-137903 Uninstaller" = Updates from HP
    "Belarc Advisor" = Belarc Advisor 7.2
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
    "CodeStuff Starter" = CodeStuff Starter
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Film Factory" = Film Factory
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Instant Support" = HP Instant Support
    "HP Photo & Imaging" = HP Image Zone 3.5
    "HPTOOLKIT" = Toolkit View(HP)
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "Karen's Hasher" = Karen's Hasher
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSNINST" = MSN
    "NVIDIA" =
    "PS2" = PS2
    "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
    "Python 2.2.1" = Python 2.2.1
    "RealPlayer 6.0" = RealOne Player
    "S3" = VIA/S3G Display Driver
    "SBC Yahoo! Applications" = SBC Yahoo! Applications
    "SBC Yahoo! Dial Setup" = SBC Yahoo! Dial Setup and Installs
    "SBC.MCCInstall" = SBC Self Support Tool
    "Silent Package Run-Time Sample" = EPSON Online Reference Guide
    "SpywareBlaster_is1" = SpywareBlaster 4.2
    "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
    "VTDisplay" = S3 S3Display
    "VTGamma2" = S3 S3Gamma2
    "VTInfo2" = S3 S3Info2
    "VTOverlay" = S3 S3Overlay
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPatrol" = WinPatrol 2009
    "YInstHelper" = Yahoo! Install Manager
    "ZoneAlarm" = ZoneAlarm

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/14/2010 12:25:51 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Error | ID = 1000
    Description = Faulting application ssmypics.scr, version 5.1.2600.5512, faulting
    module ssmypics.scr, version 5.1.2600.5512, fault address 0x000056dc.

    Error - 7/16/2010 9:17:06 AM | Computer Name = YOUR-VP7X3S9CTM | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/16/2010 9:17:07 AM | Computer Name = YOUR-VP7X3S9CTM | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 7/20/2010 5:16:41 PM | Computer Name = YOUR-VP7X3S9CTM | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3828, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 7/29/2010 11:13:21 PM | Computer Name = YOUR-VP7X3S9CTM | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 8/3/2010 3:43:46 PM | Computer Name = YOUR-VP7X3S9CTM | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 8/3/2010 3:43:47 PM | Computer Name = YOUR-VP7X3S9CTM | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 8/3/2010 3:43:54 PM | Computer Name = YOUR-VP7X3S9CTM | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 8/3/2010 3:43:55 PM | Computer Name = YOUR-VP7X3S9CTM | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 8/6/2010 1:38:59 AM | Computer Name = YOUR-VP7X3S9CTM | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    [ System Events ]
    Error - 8/5/2010 11:13:54 PM | Computer Name = YOUR-VP7X3S9CTM | Source = DCOM | ID = 10010
    Description = The server {A02ED9E9-8D36-473A-98ED-C253A40765DE} did not register
    with DCOM within the required timeout.

    Error - 8/5/2010 11:18:38 PM | Computer Name = YOUR-VP7X3S9CTM | Source = DCOM | ID = 10010
    Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
    with DCOM within the required timeout.

    Error - 8/6/2010 12:32:46 AM | Computer Name = YOUR-VP7X3S9CTM | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 8/6/2010 1:36:08 AM | Computer Name = YOUR-VP7X3S9CTM | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 8/6/2010 1:36:28 AM | Computer Name = YOUR-VP7X3S9CTM | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    KLIF

    Error - 8/6/2010 1:38:22 AM | Computer Name = YOUR-VP7X3S9CTM | Source = DCOM | ID = 10010
    Description = The server {D0B7C734-2D1B-461D-93C6-8264DA4F038B} did not register
    with DCOM within the required timeout.

    Error - 8/6/2010 1:38:48 AM | Computer Name = YOUR-VP7X3S9CTM | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 8/6/2010 1:38:48 AM | Computer Name = YOUR-VP7X3S9CTM | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 8/6/2010 2:05:30 AM | Computer Name = YOUR-VP7X3S9CTM | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 8/6/2010 2:05:31 AM | Computer Name = YOUR-VP7X3S9CTM | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
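
For anyone triaging a report like the one above, here is an added Python example (my own, not part of OTL or of this thread) that parses the "Last 10 Event Log Errors" block into records, counts errors per source and event ID, and flags the entries a helper usually looks at first: the crypt32 root-certificate update failures, a driver that failed to load at boot, a service that died, and a System Restore failure. The sample report text, the host name EXAMPLE-PC and the watch-list notes are constructed for this example (modelled on the entries in the report above); the CLSID in the DCOM line is copied from that report.

```python
import re
from collections import Counter

# Constructed sample modelled on the OTL "Last 10 Event Log Errors" section above.
# Host name is a placeholder; the DCOM CLSID is the one from the posted report.
SAMPLE_REPORT = """\
[ Application Events ]
Error - 7/16/2010 9:17:06 AM | Computer Name = EXAMPLE-PC | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/3/2010 3:43:46 PM | Computer Name = EXAMPLE-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 8/5/2010 11:13:54 PM | Computer Name = EXAMPLE-PC | Source = DCOM | ID = 10010
Description = The server {A02ED9E9-8D36-473A-98ED-C253A40765DE} did not register
with DCOM within the required timeout.

Error - 8/6/2010 12:32:46 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/6/2010 1:36:28 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
KLIF

Error - 8/6/2010 2:05:30 AM | Computer Name = EXAMPLE-PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
"""

# One OTL error header per event; the description may wrap over following lines
# and ends at the next blank line.
HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SECTION_RE = re.compile(r"^\[ (?P<section>.+?) \]$")

# (source, event id) pairs worth a second look during malware triage. The notes are
# this example's own wording (an assumption about typical causes), not OTL text.
WATCHLIST = {
    ("crypt32", 131080): "root-certificate list could not be fetched (network, proxy or blocked update domain)",
    ("crypt32", 131083): "root-certificate list failed validity check (often clock skew; verify the system clock)",
    ("Service Control Manager", 7026): "boot/system-start driver failed to load (check whether it belongs to a security product)",
    ("Service Control Manager", 7034): "a service terminated unexpectedly",
    ("SRService", 104): "System Restore failed to initialise",
}

def parse_events(report):
    """Turn the OTL error block into a list of dicts, one per event."""
    events, section, current = [], None, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"section": section, "when": m.group("when"), "host": m.group("host"),
                       "source": m.group("source"), "id": int(m.group("id")), "description": ""}
            events.append(current)
            continue
        if not line:
            current = None  # blank line closes the wrapped description
            continue
        if current is not None:
            text = line[len("Description = "):] if line.startswith("Description = ") else line
            current["description"] = (current["description"] + " " + text).strip()
    return events

def summarise(events):
    """Count events per (source, id) so repeated failures stand out."""
    return dict(Counter((e["source"], e["id"]) for e in events))

def flag_events(events):
    """Return the events that match the triage watch-list, with a short note."""
    flagged = []
    for e in events:
        note = WATCHLIST.get((e["source"], e["id"]))
        if note:
            flagged.append((e["when"], e["source"], e["id"], note, e["description"]))
    return flagged

if __name__ == "__main__":
    evs = parse_events(SAMPLE_REPORT)
    for (src, eid), n in sorted(summarise(evs).items()):
        print(f"{n:2d} x {src} / {eid}")
    print()
    for when, src, eid, note, desc in flag_events(evs):
        print(f"[{when}] {src} {eid}: {note}\n    {desc}")
```

Paste the whole "Last 10 Event Log Errors" section of a real OTL report into SAMPLE_REPORT (or read it from a file) and the summary shows at a glance which errors repeat; the watch-list is deliberately short and is the place to add whatever IDs you consider significant.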
     
  21. 2010/08/06
    mailman Lifetime Subscription

    mailman Geek Member Thread Starter

    Joined:
    2004/01/17
    Messages:
    1,901
    Likes Received:
    11
    EEK! Now I know why it takes so dang long to boot and run scans! :)


    EDIT: May I have your permission to upgrade the RAM in this computer before we have finished with these scans, etc.? This computer has needed a serious boost for years. It seems replacing the RAM stick (or adding one) would not have a negative effect on our cleaning procedures, and the scans/boots would be quicker.

    I will research RAM upgrade options with this make/model computer.
     
    Last edited: 2010/08/06
