
Solved Virus Removal - "XP Internet Security 2011"

Discussion in 'Malware and Virus Removal Archive' started by Fetz, 2011/05/06.

  1. 2011/05/06
    Fetz

    Fetz Inactive Thread Starter

    Joined:
    2011/05/06
    Messages:
    16
    Likes Received:
    0
    [Resolved] Virus Removal - "XP Internet Security 2011"

    Thanks in advance for your assistance. My desktop appears to have been infected by a virus. A program called XP Internet Security 2011 has been installed on my computer, and it keeps trying to scan. I stop it each time.

    I tried to find information on this, and am advised that this is a virus. This computer has been used by teenagers, and who knows what may have been downloaded. I also searched your forum, but could not find a specific thread on this.

    My PC is protected by Trend Micro Titanium. I ran a scan, but nothing turned up.

    I would greatly appreciate any assistance you can offer to remove this and any other malware that has found its way on to my PC.

    My operating software is Windows XP.

    Thank you.
     
    Fetz,
    #1
  2. 2011/05/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please, complete all steps listed here: this post

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================
     


  4. 2011/05/07
    Fetz

    Fetz Inactive Thread Starter

    Joined:
    2011/05/06
    Messages:
    16
    Likes Received:
    0
    Hi broni... I am writing to you on my laptop, since I cannot get online with my desktop. This virus seems to have frozen it up. I am able to load Windows in Safe Mode, but the internet connection does not work when I do that. When I reboot the PC, this XP Internet Security 2011 keeps coming on. I click it off, but shortly thereafter the computer freezes up.

    I was able to download Avast, which was the first step in your post, but was not able to complete the scan.

    Please let me know if you have any suggestions at this point. I have tried to reboot my desktop many times, but it always freezes up.

    Thanks for your help.
     
    Fetz,
    #3
  5. 2011/05/07
    Fetz

    Fetz Inactive Thread Starter

    Joined:
    2011/05/06
    Messages:
    16
    Likes Received:
    0
    UPDATE: I have been able to reboot my PC in Safe Mode with Networking, and I am now scanning with Avast. I will try to follow the rest of the steps in your post. Thank you.
     
    Fetz,
    #4
  6. 2011/05/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  7. 2011/05/09
    Fetz

    Fetz Inactive Thread Starter

    Joined:
    2011/05/06
    Messages:
    16
    Likes Received:
    0
    I have completed the instructions on bleepingcomputer.com. It appears that the XP Internet Security 2011 virus has been removed. It is no longer popping up. I am posting the mbam.log below. My computer is still locking up when I reboot it... it appears that everything loads (slowly) but then I cannot open anything. Thus I am continuing to work in Safe Mode with Networking. Please advise what other information you might need. Thanks for all of your help.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6528

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.5730.11

    5/7/2011 6:41:20 PM
    mbam-log-2011-05-07 (18-41-00).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 478801
    Time elapsed: 2 hour(s), 24 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jxo.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe ") Good: (firefox.exe) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jxo.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jxo.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE ") Good: (iexplore.exe) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\hp_administrator\local settings\application data\jxo.exe (Trojan.ExeShell.Gen) -> No action taken.
     
    Fetz,
    #6
  8. 2011/05/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job, so far :)

    Your MBAM log says "No action taken" after each line.
    I need you to re-run it and FIX all issues.

    When done....
    Please, complete all steps listed here: this post

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
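The point broni makes about the log above (every line ends in "No action taken", so nothing was actually fixed) is easy to miss when reading an MBAM log by hand. The following Python triage script is an added example, not part of the original thread or of Malwarebytes' own tooling: it parses the per-item detection lines of a 1.50-era MBAM log, lists what the scan left unfixed, pulls the executable that the StartMenuInternet hijack inserted ahead of the real browser, lists the Security Center notifications that were switched off, and ties the hijack back to the dropped file. The sample log is constructed from the entries posted above plus one constructed "Quarantined and deleted successfully" line to show a fixed entry.

```python
"""Triage an MBAM 1.50-era log: parse detection lines, flag unfixed items,
and link a StartMenuInternet hijack to the dropped executable it launches."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of the log posted above. The first four
# lines mirror the posted entries; the last one is constructed to show an
# entry MBAM actually fixed.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jxo.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe ") Good: (firefox.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jxo.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE ") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
c:\documents and settings\hp_administrator\local settings\application data\jxo.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    item: str             # registry value path or file path
    name: str             # MBAM detection name, e.g. Hijack.StartMenuInternet
    bad: Optional[str]    # data found (registry data items only)
    good: Optional[str]   # data MBAM would restore
    action: str           # what the scan did, e.g. "No action taken"


# item (name) -> [Bad: (...) Good: (...) -> ] action.
# The detection name never contains spaces or parentheses, which keeps the
# lazy item match from stopping at "\(default)" inside the registry path.
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[^()\s]+)\) -> "
    r"(?:Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
QUOTED = re.compile(r'"([^"]+)"')


def parse_mbam_log(text: str) -> List[Detection]:
    """Return one Detection per item line; headers and blanks are skipped."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        bad = m["bad"].strip() if m["bad"] is not None else None
        good = m["good"].strip() if m["good"] is not None else None
        found.append(Detection(m["item"], m["name"], bad, good, m["action"]))
    return found


def unresolved(dets: List[Detection]) -> List[Detection]:
    """Items the scan only reported ("No action taken"): the machine is not clean."""
    return [d for d in dets if d.action.lower().startswith("no action")]


def hijacker(d: Detection) -> Optional[str]:
    """For a StartMenuInternet hijack, the executable placed in front of the browser."""
    if d.name != "Hijack.StartMenuInternet" or not d.bad:
        return None
    paths = QUOTED.findall(d.bad)
    return paths[0].strip() if paths else None


def security_center_muted(dets: List[Detection]) -> List[str]:
    """Security Center notify flags the malware set to 1 (notifications off)."""
    return sorted(d.item.rsplit("\\", 1)[-1] for d in dets
                  if d.name == "PUM.Disabled.SecurityCenter" and d.bad == "1")


def dropper_links(dets: List[Detection]) -> Dict[str, Detection]:
    """Map each hijacked command to the Files Infected entry for the same
    executable, showing the registry hijack and the dropped file are one artifact."""
    files = {d.item.lower(): d for d in dets if not d.item.upper().startswith("HKEY")}
    links = {}
    for d in dets:
        exe = hijacker(d)
        if exe and exe.lower() in files:
            links[d.item] = files[exe.lower()]
    return links


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(dets)} detections, {len(unresolved(dets))} left unfixed")
    for d in unresolved(dets):
        print("  UNFIXED:", d.name, "->", d.item)
    print("Security Center notifications disabled:", security_center_muted(dets))
    for key, f in dropper_links(dets).items():
        print("hijack", key, "launches", f.item, f"({f.name})")
```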
     
  9. 2011/05/10
    Fetz

    Fetz Inactive Thread Starter

    Joined:
    2011/05/06
    Messages:
    16
    Likes Received:
    0
    I had previously followed those steps, but have redone it. The requested logs are posted below. It looks like I have to break it into two posts. Thanks again.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6528

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.5730.11

    5/9/2011 8:16:51 PM
    mbam-log-2011-05-09 (20-16-51).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 478153
    Time elapsed: 2 hour(s), 4 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-10 06:50:03
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD3200JS-60PDB0 rev.21.00M21
    Running: 3q4yj1gs.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\ffryipow.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 6 Bytes PUSH 0135BCB3; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] ntdll.dll!NtSuspendThread 7C90DE3E 6 Bytes PUSH 0135BC80; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] kernel32.dll!CreateProcessInternalW + 1 7C819528 5 Bytes [4B, BD, 35, 01, C3]
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E35203E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E351FBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E352003 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E351F4B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E351F85 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E352079 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E20176A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E35223B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] WS2_32.dll!WSASocketW 71AB39CB 6 Bytes PUSH 0135B36F; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] WS2_32.dll!socket 71AB3B91 6 Bytes PUSH 0135B313; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] WS2_32.dll!connect 71AB406A 6 Bytes PUSH 0135B401; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] WS2_32.dll!send 71AB428A 6 Bytes PUSH 0135B483; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] WS2_32.dll!WSARecv 71AB4318 6 Bytes PUSH 0135BE29; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] WS2_32.dll!recv 71AB615A 6 Bytes PUSH 0135B443; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] WS2_32.dll!WSASend 71AB6233 6 Bytes PUSH 0135BDD9; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] WS2_32.dll!closesocket 71AB9639 6 Bytes PUSH 0135B3A6; RET
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[232] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 6 Bytes PUSH 0135BF5E; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 4 Bytes [68, B3, BC, F9]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] ntdll.dll!NtProtectVirtualMemory + 5 7C90D6F3 1 Byte [C3]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] ntdll.dll!NtSuspendThread 7C90DE3E 4 Bytes [68, 80, BC, F9]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] ntdll.dll!NtSuspendThread + 5 7C90DE43 1 Byte [C3]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] kernel32.dll!CreateProcessInternalW + 1 7C819528 3 Bytes [4B, BD, F9]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] kernel32.dll!CreateProcessInternalW + 5 7C81952C 1 Byte [C3]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] WS2_32.dll!WSASocketW 71AB39CB 6 Bytes PUSH 00F9B36F; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] WS2_32.dll!socket 71AB3B91 6 Bytes PUSH 00F9B313; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] WS2_32.dll!connect 71AB406A 6 Bytes PUSH 00F9B401; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] WS2_32.dll!send 71AB428A 6 Bytes PUSH 00F9B483; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] WS2_32.dll!WSARecv 71AB4318 6 Bytes PUSH 00F9BE29; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] WS2_32.dll!recv 71AB615A 6 Bytes PUSH 00F9B443; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] WS2_32.dll!WSASend 71AB6233 6 Bytes PUSH 00F9BDD9; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] WS2_32.dll!closesocket 71AB9639 6 Bytes PUSH 00F9B3A6; RET
    .text C:\Program Files\Mozilla Firefox\firefox.exe[480] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 6 Bytes PUSH 00F9BF5E; RET
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1136] USER32.dll!TrackPopupMenu 7E4650EE 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\WINDOWS\Explorer.EXE[1892] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 4 Bytes [68, B3, BC, C0]
    .text C:\WINDOWS\Explorer.EXE[1892] ntdll.dll!NtProtectVirtualMemory + 5 7C90D6F3 1 Byte [C3]
    .text C:\WINDOWS\Explorer.EXE[1892] ntdll.dll!NtSuspendThread 7C90DE3E 4 Bytes [68, 80, BC, C0]
    .text C:\WINDOWS\Explorer.EXE[1892] ntdll.dll!NtSuspendThread + 5 7C90DE43 1 Byte [C3]
    .text C:\WINDOWS\Explorer.EXE[1892] kernel32.dll!CreateProcessInternalW + 1 7C819528 3 Bytes [4B, BD, C0]
    .text C:\WINDOWS\Explorer.EXE[1892] kernel32.dll!CreateProcessInternalW + 5 7C81952C 1 Byte [C3]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 4 Bytes [68, B3, BC, B9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] ntdll.dll!NtProtectVirtualMemory + 5 7C90D6F3 1 Byte [C3]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] ntdll.dll!NtSuspendThread 7C90DE3E 4 Bytes [68, 80, BC, B9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] ntdll.dll!NtSuspendThread + 5 7C90DE43 1 Byte [C3]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!CreateProcessInternalW + 1 7C819528 3 Bytes [4B, BD, B9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] kernel32.dll!CreateProcessInternalW + 5 7C81952C 1 Byte [C3]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] WS2_32.dll!WSASocketW 71AB39CB 6 Bytes PUSH 00B9B36F; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] WS2_32.dll!socket 71AB3B91 6 Bytes PUSH 00B9B313; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] WS2_32.dll!connect 71AB406A 6 Bytes PUSH 00B9B401; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] WS2_32.dll!send 71AB428A 6 Bytes PUSH 00B9B483; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] WS2_32.dll!WSARecv 71AB4318 6 Bytes PUSH 00B9BE29; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] WS2_32.dll!recv 71AB615A 6 Bytes PUSH 00B9B443; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] WS2_32.dll!WSASend 71AB6233 6 Bytes PUSH 00B9BDD9; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] WS2_32.dll!closesocket 71AB9639 6 Bytes PUSH 00B9B3A6; RET
    .text C:\Program Files\Internet Explorer\iexplore.exe[1988] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 6 Bytes PUSH 00B9BF5E; RET

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x00000bdc

    Kernel Drivers (total 110):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FD000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7607000 ohci1394.sys
    0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF798B000 viaide.sys
    0xF798D000 intelide.sys
    0xF7627000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF798F000 dmload.sys
    0xF74B2000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7637000 VolSnap.sys
    0xF749A000 atapi.sys
    0xF7647000 disk.sys
    0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF747A000 fltMgr.sys
    0xF7667000 PxHelp20.sys
    0xF7870000 KSecDD.sys
    0xF7B52000 Ntfs.sys
    0xF7843000 NDIS.sys
    0xF7828000 Mup.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xBA779000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7777000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7697000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA756000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7797000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xBA731000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF7923000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xBA6E6000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xBA6AF000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    0xF76C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77A7000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7993000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
    0xF77B7000 \SystemRoot\system32\DRIVERS\PS2.sys
    0xF77BF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7997000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF792F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xBA648000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77DF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xBA597000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7587000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77EF000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77FF000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7807000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0xBA566000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7577000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF799D000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xBA50A000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA7F8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7567000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79A1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7557000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7547000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xF79A9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7A8A000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79AD000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7787000 \SystemRoot\System32\drivers\vga.sys
    0xBA4CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0xF79B1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF779F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA6A7000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA7C4000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\IrBus.sys
    0xBA49B000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xBA443000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA41B000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA687000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xBA3F9000 \SystemRoot\System32\drivers\afd.sys
    0xF7517000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA3CE000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xBA35F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA314000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xBA66F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA65F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF77CF000 \SystemRoot\system32\DRIVERS\hidir.sys
    0xF746A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF77E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF780F000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
    0xF781F000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF776F000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xF792B000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xBA562000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA2AC000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79C3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA542000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA69F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7AA000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBFF50000 \SystemRoot\System32\framebuf.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xBA0B0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB9E03000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA03C000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB9ADE000 \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\ffryipow.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 18):
    0 System Idle Process
    4 System
    500 C:\WINDOWS\system32\smss.exe
    560 csrss.exe
    584 C:\WINDOWS\system32\winlogon.exe
    632 C:\WINDOWS\system32\services.exe
    644 C:\WINDOWS\system32\lsass.exe
    804 C:\WINDOWS\system32\svchost.exe
    868 svchost.exe
    1024 C:\WINDOWS\system32\svchost.exe
    1036 svchost.exe
    1188 svchost.exe
    1892 C:\WINDOWS\explorer.exe
    232 C:\Program Files\Internet Explorer\iexplore.exe
    480 C:\Program Files\Mozilla Firefox\firefox.exe
    1136 C:\Program Files\Mozilla Firefox\plugin-container.exe
    1304 C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    824 C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`4f6bfc00 (FAT32)

    PhysicalDrive0 Model Number: WDCWD3200JS-60PDB0, Rev: 21.00M21

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4A3BF69CA3259413E25A52D6E01242850E3B0E3A


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    .
    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
    Run by HP_Administrator at 6:52:21.75 on Tue 05/10/2011
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1365 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Trend Micro Titanium *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://hp-desktop.aol.com/
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Google Update] "c:\documents and settings\hp_administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Flock Update] "c:\documents and settings\hp_administrator\local settings\application data\flock\update\FlockUpdate.exe" /c
    uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] "c:\windows\RTHDCPL.EXE"
    mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
    mRun: [nwiz] "c:\windows\system32\nwiz.exe" /install
    mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
    mRun: [HostManager] "c:\program files\common files\aol\1161398680\ee\AOLSoftware.exe"
    mRun: [ftutil2] "c:\windows\system32\rundll32.exe" ftutil2.dll,SetWriteCacheMode
    mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
    mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
    mRun: [AlwaysReady Power Message APP] "c:\windows\ARPWRMSG.EXE"
    mRun: [VX6000] "c:\windows\vVX6000.exe"
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
    mRun: [UVS11 Preload] "c:\program files\ulead systems\ulead videostudio 11\uvPL.exe"
    mRun: [Adobe_ID0EYTHM] "c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE"
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
    mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    Trusted Zone: trymedia.com
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli scecli
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\e9m98pfy.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\firefoxextension\components\TmFFExt.dll
    FF - plugin: c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\e9m98pfy.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\flock\update\1.2.213.0\npFlockOneClick8.dll
    FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\opera\program\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\opera\program\plugins\NPTURNMED.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\firefoxextension
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    .
    ============= SERVICES / DRIVERS ===============
    .
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-6 441176]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-6 307288]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2006-9-19 32256]
    S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2010-10-14 188272]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-6 19544]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-6 42184]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-4 136176]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\hp_adm~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\hp_adm~1\locals~1\temp\dx9\SessionLauncher.exe [?]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-10-14 64080]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-4 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
    S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-6-29 2383152]
    .
    =============== Created Last 30 ================
    .
    2011-05-07 22:55:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-07 22:55:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-07 22:55:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-07 03:43:06 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-05-07 03:42:20 40112 ----a-w- c:\windows\avastSS.scr
    2011-05-07 03:42:10 -------- d-----w- c:\program files\AVAST Software
    2011-05-07 03:42:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
    2011-05-07 02:07:43 192512 --sha-w- c:\windows\system32\w0akd.dll
    2011-04-26 14:26:48 -------- d-----w- c:\program files\iPod
    2011-04-14 10:39:02 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-04-14 10:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-04-12 07:46:28 -------- d-----w- C:\temp
    .
    ==================== Find3M ====================
    .
    2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 23:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 23:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-02-18 23:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .
    ============= FINISH: 6:54:08.76 ===============
     
    Fetz,
    #8
  10. 2011/05/10
    Fetz

    Fetz Inactive Thread Starter

    Here is the final log:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/20/2006 11:26:39 AM
    System Uptime: 5/9/2011 9:24:01 PM (9 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NODUSM3
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2605/200mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2605/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 289 GiB total, 218.659 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 0.688 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    3ivx MPEG-4 5.0.3 (remove only)
    Acrobat.com
    Add or Remove Adobe Creative Suite 3 Web Premium
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Web Premium
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Download Manager
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.4.4
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server {ko_KR}
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AiO_Scan_CDA
    AiOSoftwareNPI
    AlauxSoft Accounts and Budget Free V5.0
    AllWebMenus PRO
    AnvSoft Photo Flash Maker Free 5.13
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Uninstaller (Choose which Products to Remove)
    AOL You've Got Pictures Screensaver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    avast! Free Antivirus
    Bonjour
    BufferChm
    C4100
    c4100_Help
    CamStudio
    Compatibility Pack for the 2007 Office system
    Core FTP LE 2.1
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Customer Experience Enhancement
    CustomerResearchQFolder
    CuteFTP 7 Home
    Data Fax SoftModem with SmartCP
    Destinations
    DirectXInstallService
    DivX
    DocProc
    DocProcQFolder
    DocumentViewer
    DocumentViewerQFolder
    Easy Internet Sign-up
    EMC 10 Content
    Enhanced Multimedia Keyboard Solution
    eSupportQFolder
    Fax_CDA
    File Renamer - Basic
    Flash Movie Player 1.5
    Flash Renamer 5.11
    Flash Slideshow Maker Pro 4.90
    Flock (2.6.2)
    Flock (3.5.3.4641)
    FLV Player
    FullDPAppQFolder
    Galva 1.85
    GemMaster Mystic
    Golf Master
    Golf Mixer
    Golf Tournament Scorekeeper 4
    GOM Player
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GSW
    Handicap Manager for Excel - Version 5.1
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB916089)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Boot Optimizer
    HP Customer Participation Program 7.0
    HP DigitalMedia Archive
    HP Document Viewer 7.0
    HP DVD Play 2.1
    HP Imaging Device Functions 7.0
    HP Photosmart and Deskjet 7.0.A
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP Solution Center 7.0
    HP Update
    HP Web Helper
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    InstantShareDevices
    InstantShareDevicesMFC
    InterVideo DeviceService
    iPhone Configuration Utility
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Junk Mail filter update
    LightScribe 1.4.105.1
    Logitech Audio Echo Cancellation Component
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    Macromedia Contribute 3.11
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Fireworks 4
    Macromedia Fireworks 8
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia HomeSite+
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee Security Scan Plus
    MeterBasic
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Away Mode
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Standard Edition 2003
    Microsoft Office Standard Edition 2003 60 days trial
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft XML Parser
    MobileMe Control Panel
    Mozilla Firefox (3.6.10)
    Mozilla Thunderbird (3.1.10)
    Mpeg2Decoder 1.3
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    muvee Plugin 1.0
    MVision
    MWSnap 3
    My HP Games
    neroxml
    Netscape Browser (remove only)
    NewCopy_CDA
    NVIDIA Drivers
    OCR Software by I.R.I.S 7.0
    Octoshape add-in for Adobe Flash Player
    office Convert Pdf to Jpg Jpeg Tiff Free 6.4
    Opera 10.62
    OptionalContentQFolder
    Otto
    PanoStandAlone
    PDF Settings
    PhotoGallery
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    QuickTime
    RandMap
    Readme
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio CinePlayer
    Roxio CinePlayer Decoder Pack
    Roxio Disc Gallery
    Roxio Easy Media Creator 10 Suite
    Roxio File Backup
    Roxio MediaShare
    Roxio Update Manager
    Safari
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Segoe UI
    shexview
    Shop for HP Supplies
    SkinsHP1
    SlideShow
    SlideShowMusic
    SmartSound Quicktracks Plugin
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic_PrimoSDK
    Sothink SWF Decompiler
    Spelling Dictionaries Support For Adobe Reader 9
    Status
    SUPERAntiSpyware Free Edition
    SWiSH Max2
    TBS WMP Plug-in
    Toolbox
    TopStyle Lite (Version 3.0)
    Track Your Trades Trial Version 5.2.0
    TrayApp
    Trend Micro Titanium
    Trend Micro™ Titanium™
    Ulead VideoStudio 11
    UMVPLStandalone
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    VCRedistSetup
    VectorEngineer Quick-Tools
    VideoStudio
    Viewpoint Media Player
    VLC media player 0.9.6
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Resource Kit Tools - SubInAcl.exe
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    WinRAR archiver
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2011 9:57:42 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    5/7/2011 9:20:50 PM, error: System Error [1003] - Error code 100000d1, parameter1 00000010, parameter2 00000007, parameter3 00000000, parameter4 f749fc88.
    5/7/2011 9:08:29 PM, error: System Error [1003] - Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.
    5/7/2011 9:06:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Software Updater service to connect.
    5/7/2011 9:06:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments " " in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
    5/7/2011 9:04:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 IntelIde ViaIde
    5/7/2011 8:06:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips ftsata2 SASDIFSV SASKUTIL tmtdi
    5/7/2011 2:45:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    5/6/2011 9:36:55 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    5/6/2011 3:01:36 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f1: Security Update for Windows XP (KB958470).
    5/6/2011 10:28:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/6/2011 10:17:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/6/2011 10:17:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/6/2011 10:17:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips ftsata2 IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip tmtdi
    5/6/2011 10:17:26 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2011 10:17:26 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2011 10:17:26 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2011 10:17:26 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2011 10:17:26 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2011 10:17:26 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/6/2011 10:17:20 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/6/2011 10:07:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
    5/6/2011 10:07:51 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
    5/6/2011 10:07:51 PM, error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
    5/4/2011 6:49:46 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JIM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{26907906-18B3-4665-9B. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================
     
    Fetz,
    #9
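As an added example (not a tool from this thread, DDS or the forum), a small Python triage script over Event Viewer lines like the ones in the log above: it groups the Service Control Manager 7026/7001 errors per boot, maps failed drivers to the security product they belong to (the driver-to-product map and the list of core network drivers are assumptions built from the names in the log), and separates expected noise (a Safe Mode boot, a driver that fails on every boot) from a boot worth asking the poster about.

```python
"""Triage of the 'Event Viewer Messages' section of a DDS log (added example for
this thread, not a tool from DDS, ComboFix or the forum). It groups Service
Control Manager 7026/7001 errors per boot, maps failed drivers to their security
product, and separates expected noise from a boot worth asking about."""
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample: a subset of the lines posted above, copied verbatim.
SAMPLE_LOG = """\
5/7/2011 9:04:04 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 IntelIde ViaIde
5/7/2011 8:06:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSnx aswSP aswTdi Fips ftsata2 SASDIFSV SASKUTIL tmtdi
5/6/2011 10:17:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdK8 aswRdr aswSnx aswSP aswTdi Fips ftsata2 IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip tmtdi
5/6/2011 10:17:26 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/6/2011 10:17:26 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/6/2011 10:07:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
5/6/2011 10:07:51 PM, error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"failed to load: (?P<drivers>.+)$")

# Driver-name to product map: an assumption for this example, built from the
# driver names visible in the posted log (lower-cased for matching).
SECURITY_DRIVERS = {
    "aavmker4": "avast!", "aswrdr": "avast!", "aswsnx": "avast!",
    "aswsp": "avast!", "aswtdi": "avast!",
    "sasdifsv": "SUPERAntiSpyware", "saskutil": "SUPERAntiSpyware",
    "tmtdi": "Trend Micro",
}
# XP network-stack drivers that a Safe Mode (without networking) boot never loads.
CORE_NET_DRIVERS = {"afd", "tcpip", "netbt", "ipsec", "netbios"}


def parse_events(text):
    """Parse DDS event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["event_id"] = int(ev["event_id"])
        ev["time"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        events.append(ev)
    return events


def failed_drivers(event):
    """Driver names listed in a Service Control Manager 7026 event, else []."""
    if event["event_id"] != 7026:
        return []
    m = FAILED_RE.search(event["msg"])
    return m.group("drivers").split() if m else []


def triage(text):
    """Group SCM 7026/7001 errors by boot timestamp and annotate each boot."""
    boots = OrderedDict()
    for ev in parse_events(text):
        if ev["source"] != "Service Control Manager" or ev["event_id"] not in (7026, 7001):
            continue
        boot = boots.setdefault(ev["ts"], {
            "time": ev["time"], "drivers": [], "security_products": [],
            "core_net_missing": False, "dependency_failures": 0})
        if ev["event_id"] == 7026:
            boot["drivers"].extend(failed_drivers(ev))
            lowered = {d.lower() for d in boot["drivers"]}
            boot["security_products"] = sorted(
                {SECURITY_DRIVERS[d] for d in lowered if d in SECURITY_DRIVERS})
            # The whole network stack missing at once is the signature of a Safe
            # Mode boot, where third-party drivers are skipped by design, so a
            # 7026 naming AV drivers there is expected noise, not tampering.
            boot["core_net_missing"] = bool(lowered & CORE_NET_DRIVERS)
        else:
            boot["dependency_failures"] += 1
    return boots


def persistent_failures(text):
    """Drivers failing on every boot: usually a stale entry, not something to chase."""
    per_boot = [{d.lower() for d in b["drivers"]}
                for b in triage(text).values() if b["drivers"]]
    return set.intersection(*per_boot) if per_boot else set()


def review_boots(text):
    """Boots where security drivers failed although the network stack loaded:
    confirm how the machine was started before reading it as the AV being disabled."""
    ordered = sorted(triage(text).items(), key=lambda kv: kv[1]["time"])
    return [ts for ts, b in ordered
            if b["security_products"] and not b["core_net_missing"]]
```

On the sample, the 5/6 10:17 PM boot reads as Safe Mode noise, ftsata2 fails on every boot, and only the 5/7 8:06 AM boot is left to ask about.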
  11. 2011/05/10
    Fetz Inactive Thread Starter
    I'm not sure if the first half of my post made it through. It had 4 of the logs on it. Please let me know if I need to repost. Thanks.
     
  12. 2011/05/10
    broni Moderator Malware Analyst
    Yes. I got them. I had to approve them.
    Hold on...
     
  13. 2011/05/10
    broni Moderator Malware Analyst
    Any particular reason why you ran all scans in Safe Mode?

    You're running two AV programs, Avast and Trend Micro.
    One of them has to go.
    Your choice.
     
  14. 2011/05/10
    Fetz Inactive Thread Starter
    I had to run them in Safe Mode because when I reboot it normally everything freezes up. Safe Mode is the only way I can do anything at the moment.

    I have had Trend Micro since I bought the computer. I downloaded Avast per the instructions you gave me. Do you have a recommendation? Thank you.
     
  15. 2011/05/10
    broni Moderator Malware Analyst
    It said, IF you do NOT have any AV program.
    Please, uninstall Avast.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    Last edited: 2011/05/10
  16. 2011/05/10
    Fetz Inactive Thread Starter
    The Bootkit Remover log is as follows:

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 74c9b8a519aa05c22f46e134715d1f6f

    Size      Device Name          MBR Status
    --------------------------------------------
    298 GB    \\.\PhysicalDrive0   Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...


    The ComboFix log is as follows:

    ComboFix 11-05-09.04 - HP_Administrator 05/10/2011 20:07:09.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1362 [GMT -7:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    AV: Trend Micro Titanium *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\HP_Administrator\Local Settings\temp\IadHide5.dll
    c:\documents and settings\HP_Administrator\WINDOWS
    c:\windows\ST6UNST.000
    c:\windows\system32\_004886_.tmp.dll
    c:\windows\system32\_004887_.tmp.dll
    c:\windows\system32\_004888_.tmp.dll
    c:\windows\system32\_004889_.tmp.dll
    c:\windows\system32\_004894_.tmp.dll
    c:\windows\system32\_004895_.tmp.dll
    c:\windows\system32\_004896_.tmp.dll
    c:\windows\system32\_004897_.tmp.dll
    c:\windows\system32\_004898_.tmp.dll
    c:\windows\system32\_004899_.tmp.dll
    c:\windows\system32\_004900_.tmp.dll
    c:\windows\system32\_004901_.tmp.dll
    c:\windows\system32\_004902_.tmp.dll
    c:\windows\system32\_004904_.tmp.dll
    c:\windows\system32\_004905_.tmp.dll
    c:\windows\system32\_004907_.tmp.dll
    c:\windows\system32\_004908_.tmp.dll
    c:\windows\system32\_004909_.tmp.dll
    c:\windows\system32\_004910_.tmp.dll
    c:\windows\system32\_004911_.tmp.dll
    c:\windows\system32\_004914_.tmp.dll
    c:\windows\system32\_004915_.tmp.dll
    c:\windows\system32\_004918_.tmp.dll
    c:\windows\system32\_004919_.tmp.dll
    c:\windows\system32\_004920_.tmp.dll
    c:\windows\system32\_004921_.tmp.dll
    c:\windows\system32\_004922_.tmp.dll
    c:\windows\system32\_004923_.tmp.dll
    c:\windows\system32\_004924_.tmp.dll
    c:\windows\system32\_004925_.tmp.dll
    c:\windows\system32\_004927_.tmp.dll
    c:\windows\system32\_004928_.tmp.dll
    c:\windows\system32\_004929_.tmp.dll
    c:\windows\system32\_004930_.tmp.dll
    c:\windows\system32\_004931_.tmp.dll
    c:\windows\system32\_004932_.tmp.dll
    c:\windows\system32\_004933_.tmp.dll
    c:\windows\system32\_004934_.tmp.dll
    c:\windows\system32\_004935_.tmp.dll
    c:\windows\system32\_004936_.tmp.dll
    c:\windows\system32\_004937_.tmp.dll
    c:\windows\system32\_004940_.tmp.dll
    c:\windows\system32\_004941_.tmp.dll
    c:\windows\system32\_004942_.tmp.dll
    c:\windows\system32\_004944_.tmp.dll
    c:\windows\system32\_004945_.tmp.dll
    c:\windows\system32\_004946_.tmp.dll
    c:\windows\system32\_004947_.tmp.dll
    c:\windows\system32\_004948_.tmp.dll
    c:\windows\system32\_004949_.tmp.dll
    c:\windows\system32\_004950_.tmp.dll
    c:\windows\system32\_004951_.tmp.dll
    c:\windows\system32\_004953_.tmp.dll
    c:\windows\system32\_004954_.tmp.dll
    c:\windows\system32\_004958_.tmp.dll
    c:\windows\system32\_004959_.tmp.dll
    c:\windows\system32\_004961_.tmp.dll
    c:\windows\system32\_004963_.tmp.dll
    c:\windows\system32\_004964_.tmp.dll
    c:\windows\system32\_004966_.tmp.dll
    c:\windows\system32\_004967_.tmp.dll
    c:\windows\system32\_004968_.tmp.dll
    c:\windows\system32\_004969_.tmp.dll
    c:\windows\system32\_004972_.tmp.dll
    c:\windows\system32\_004973_.tmp.dll
    c:\windows\system32\_004974_.tmp.dll
    c:\windows\system32\_004975_.tmp.dll
    c:\windows\system32\_004976_.tmp.dll
    c:\windows\system32\_004981_.tmp.dll
    c:\windows\system32\_004983_.tmp.dll
    c:\windows\system32\_004984_.tmp.dll
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\office.exe
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://update.flock.com
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-07 22:55 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-07 22:55 . 2011-05-07 22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-07 22:55 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-07 03:42 . 2011-05-11 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-05-07 03:42 . 2011-05-07 03:42 -------- d-----w- c:\program files\AVAST Software
    2011-05-07 02:07 . 2011-05-07 02:07 192512 --sha-w- c:\windows\system32\w0akd.dll
    2011-04-26 14:26 . 2011-04-26 14:26 -------- d-----w- c:\program files\iPod
    2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2011-04-12 07:46 . 2011-04-12 07:46 -------- d-----w- C:\temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-02-18 23:36 . 2009-09-10 20:39 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 23:36 . 2009-09-10 20:39 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2011-05-07 02:07 192512 --sha-w- c:\windows\system32\w0akd.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-13 39408]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 4662776]
    "Flock Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Flock\Update\FlockUpdate.exe" [2010-10-14 136312]
    "AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-12 50776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="c:\windows\RTHDCPL.EXE" [2006-06-13 16239616]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "nwiz"="c:\windows\system32\nwiz.exe" [2006-05-09 1519616]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "HostManager"="c:\program files\Common Files\AOL\1161398680\ee\AOLSoftware.exe" [2008-06-24 41824]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "AlwaysReady Power Message APP"="c:\windows\ARPWRMSG.EXE" [2005-08-02 77312]
    "VX6000"="c:\windows\vVX6000.exe" [2006-06-29 994096]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
    "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-8-19 36903]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2007-02-05 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-03-11 05:30 282624 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1161398680\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Opera\\Opera.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/19/2006 4:06 PM 32256]
    R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [10/14/2010 6:52 PM 188272]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [10/14/2010 6:53 PM 64080]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/4/2010 4:17 PM 136176]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\HP_ADM~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/4/2010 4:17 PM 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
    S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/29/2006 4:56 PM 2383152]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WUAUSERV
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    2011-05-06 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007Core.job
    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-10-14 14:22]
    .
    2011-05-11 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007UA.job
    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-10-14 14:22]
    .
    2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 23:17]
    .
    2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 23:17]
    .
    2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007Core.job
    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-05 15:39]
    .
    2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007UA.job
    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-05 15:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://hp-desktop.aol.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Trusted Zone: trymedia.com
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e9m98pfy.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    Notify-dimsntfy - (no file)
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-10 20:15
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(780)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(9508)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\Internet Explorer\iexplore.exe
    c:\windows\arservice.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Internet Explorer\IEXPLORE.EXE
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Windows Live\Toolbar\wltuser.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
    c:\program files\America Online 9.0\waol.exe
    c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\common files\aol\1161398680\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    c:\program files\America Online 9.0\shellmon.exe
    c:\hp\KBD\KBD.EXE
    c:\program files\Internet Explorer\iexplore.exe
    c:\program files\Common Files\AOL\1161398680\ee\anotify.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-10 20:37:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-11 03:36
    ComboFix2.txt 2010-06-10 05:43
    .
    Pre-Run: 232,689,610,752 bytes free
    Post-Run: 232,556,658,688 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 39C6D6DBBDB3E4CB2E850D86C8E80D9E
     
  17. 2011/05/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\w0akd.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=-

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: CFScript.txt being dragged onto ComboFix.exe]


    6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
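What the CFScript above actually does to the machine, as an added example that is not part of the post and not ComboFix code: a small Python parser for the two directives the script uses (`File::` paths to delete, and `Registry::` entries in .reg syntax, where `"Name"=-` deletes a value and `dword:` writes a REG_DWORD) that emits the equivalent `del` and `reg.exe` commands. It assumes that ComboFix's `HKLM\~\services` shorthand stands for `HKLM\SYSTEM\CurrentControlSet\Services`; the embedded sample is a copy of the script posted above with the stray spaces inside the quotes removed.

```python
"""Translate a ComboFix CFScript into the equivalent reg.exe / del commands.

Added example, not from the forum post and not ComboFix code. Only the two
directives used in the thread are understood:
  File::      one path per line, to be deleted
  Registry::  .reg-style [key] headers followed by "Name"=value lines, where
              "Name"=-               deletes the value
              "Name"=dword:XXXXXXXX  writes a REG_DWORD (hex)
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed copy of the script posted above, stray spaces inside the quotes removed.
SAMPLE_CFSCRIPT = r"""File::
c:\windows\system32\w0akd.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
"FirewallOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=-
"""

HIVE_ALIASES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER",
                "HKCR": "HKEY_CLASSES_ROOT", "HKU": "HKEY_USERS"}
# Assumption: ComboFix abbreviates HKLM\SYSTEM\CurrentControlSet\Services as HKLM\~\services.
SERVICES_SHORTHAND = "~\\services"
SERVICES_KEY = "SYSTEM\\CurrentControlSet\\Services"

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.+)$')

RegEntry = Tuple[str, str, str, Optional[int]]  # (key, value name, action, dword)


def expand_key(key: str) -> str:
    """Expand hive aliases and the ~\\services shorthand to a full key path."""
    hive, _, rest = key.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive)
    if rest.lower().startswith(SERVICES_SHORTHAND):
        rest = SERVICES_KEY + rest[len(SERVICES_SHORTHAND):]
    return f"{hive}\\{rest}" if rest else hive


def parse_cfscript(text: str) -> Dict[str, list]:
    """Return {'files': [paths], 'registry': [RegEntry, ...]} in script order."""
    files: List[str] = []
    registry: List[RegEntry] = []
    section: Optional[str] = None
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):            # "File::", "Registry::"
            section = line[:-2].lower()
            current_key = None
            continue
        if section == "file":
            files.append(line)
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                current_key = expand_key(line[1:-1])
                continue
            m = VALUE_RE.match(line)
            if m is None or current_key is None:
                raise ValueError(f"unparsed Registry:: line: {raw!r}")
            name, val = m.group("name"), m.group("val").strip()
            if val == "-":
                registry.append((current_key, name, "delete", None))
            elif val.lower().startswith("dword:"):
                registry.append((current_key, name, "dword", int(val[6:], 16)))
            else:
                raise ValueError(f"unsupported value syntax: {raw!r}")
        else:
            raise ValueError(f"line outside any section: {raw!r}")
    return {"files": files, "registry": registry}


def to_commands(parsed: Dict[str, list]) -> List[str]:
    """Equivalent cmd.exe commands; reg.exe takes the DWORD as decimal after /d."""
    cmds = [f'del /f /q "{path}"' for path in parsed["files"]]
    for key, name, action, value in parsed["registry"]:
        if action == "delete":
            cmds.append(f'reg delete "{key}" /v {name} /f')
        else:
            cmds.append(f'reg add "{key}" /v {name} /t REG_DWORD /d {value} /f')
    return cmds


if __name__ == "__main__":
    for cmd in to_commands(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(cmd)
```

The translation is for reading, not for running in place of ComboFix: w0akd.dll is registered as a ShellIconOverlayIdentifiers handler (the second log lists it under ORPHANS REMOVED), so it is mapped into explorer.exe and a plain `del` fails while the shell is running; ComboFix defers such deletions to the reboot. The Security Center values the script removes (`AntiVirusOverride`, `FirewallOverride`, `DisableMonitoring`) are the switches that silence XP's alerts about a missing or disabled antivirus and firewall, which is why a cleanup script resets them together with `EnableFirewall`.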
     
  18. 2011/05/11
    Fetz

    Fetz Inactive Thread Starter

    Joined:
    2011/05/06
    Messages:
    16
    Likes Received:
    0
    Per your instructions, the revised Combofix log is below. The computer is definitely starting to work better. Thanks!

    ComboFix 11-05-10.02 - HP_Administrator 05/11/2011 5:53.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1303 [GMT -7:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
    AV: Trend Micro Titanium *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    FILE ::
    "c:\windows\system32\w0akd.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\HP_Administrator\Local Settings\temp\IadHide5.dll
    c:\windows\system32\w0akd.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-07 22:55 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-07 22:55 . 2011-05-07 22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-07 22:55 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-07 03:42 . 2011-05-11 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-05-07 03:42 . 2011-05-07 03:42 -------- d-----w- c:\program files\AVAST Software
    2011-04-26 14:26 . 2011-04-26 14:26 -------- d-----w- c:\program files\iPod
    2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-04-14 10:39 . 2011-04-14 10:39 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    2011-04-12 07:46 . 2011-04-12 07:46 -------- d-----w- C:\temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-02-18 23:36 . 2009-09-10 20:39 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 23:36 . 2009-09-10 20:39 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-13 39408]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 4662776]
    "Flock Update"="c:\documents and settings\HP_Administrator\Local Settings\Application Data\Flock\Update\FlockUpdate.exe" [2010-10-14 136312]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="c:\windows\RTHDCPL.EXE" [2006-06-13 16239616]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
    "nwiz"="c:\windows\system32\nwiz.exe" [2006-05-09 1519616]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "HostManager"="c:\program files\Common Files\AOL\1161398680\ee\AOLSoftware.exe" [2008-06-24 41824]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
    "AlwaysReady Power Message APP"="c:\windows\ARPWRMSG.EXE" [2005-08-02 77312]
    "VX6000"="c:\windows\vVX6000.exe" [2006-06-29 994096]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
    "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
    "DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-15 47904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    .
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-19 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-19 27136]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-8-19 36903]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2007-02-05 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-03-11 05:30 282624 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1161398680\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Opera\\Opera.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/19/2006 4:06 PM 32256]
    R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [10/14/2010 6:52 PM 188272]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [10/14/2010 6:53 PM 64080]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/4/2010 4:17 PM 136176]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
    S2 SessionLauncher;SessionLauncher;c:\docume~1\HP_ADM~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/4/2010 4:17 PM 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
    S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/29/2006 4:56 PM 2383152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    2011-05-06 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007Core.job
    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-10-14 14:22]
    .
    2011-05-11 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007UA.job
    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Flock\Update\FlockUpdate.exe [2010-10-14 14:22]
    .
    2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 23:17]
    .
    2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 23:17]
    .
    2011-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007Core.job
    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-05 15:39]
    .
    2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007UA.job
    - c:\documents and settings\HP_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-05 15:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://hp-desktop.aol.com/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Trusted Zone: trymedia.com
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e9m98pfy.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} - c:\windows\system32\w0akd.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-11 06:12
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(780)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(8732)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
    c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\windows\arservice.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
    c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\common files\aol\1161398680\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\Common Files\Java\Java Update\jucheck.exe
    c:\hp\KBD\KBD.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-05-11 06:36:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-11 13:36
    ComboFix2.txt 2011-05-11 03:37
    ComboFix3.txt 2010-06-10 05:43
    .
    Pre-Run: 232,363,368,448 bytes free
    Post-Run: 232,343,945,216 bytes free
    .
    - - End Of File - - F06FE72D6D7C8ABC76A98E1D55CCB062
     
  19. 2011/05/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
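    The custom scan above pulls autostart keys, services, drivers, BHOs and the hosts file into one log precisely so that the handful of suspicious entries stand out. As an added example, not part of the thread and not code from OTL or its author, the following Python script applies the same triage heuristics a malware analyst reads for by eye: an autostart or service whose file is missing, a BHO/toolbar whose CLSID no longer resolves, an autostart binary with no company name in its version info, an autostart launched from a user-writable profile directory (where rogue "XP Internet Security 2011"-style fake antivirus programs typically install), and hosts-file entries beyond the default localhost mapping. The sample lines are constructed to mirror the entry formats posted in this thread; the hostname and SID in them are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample lines modelled on the OTL entry formats seen in this thread
# (hostname and SID are hypothetical, not copied from the victim's log).
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example-av-vendor.test
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [ftutil2] File not found
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKU\S-1-5-21-1-2-3-1007..\Run: [Flock Update] C:\Documents and Settings\user\Local Settings\Application Data\Flock\Update\FlockUpdate.exe (Google Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
""".strip("\n")


@dataclass(frozen=True)
class Finding:
    reason: str
    line: str


# Directories that rogue antivirus droppers favour: writable by the logged-in user,
# unlike Program Files or system32 where legitimate services normally live.
USER_WRITABLE = re.compile(
    r"\\(Local Settings|Application Data|Temp|Desktop|My Documents)\\", re.IGNORECASE
)
# O4 lines: "O4 - <hive>..\Run: [<value name>] <path> (<company>)" or "... File not found"
AUTOSTART = re.compile(r"^O4 - .*?\[(?P<name>[^\]]+)\] (?P<rest>.*)$")
PATH_COMPANY = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def triage_line(line: str) -> list[Finding]:
    """Return the triage reasons (possibly none) for one OTL-style log line."""
    findings = []
    if "File not found" in line:
        findings.append(Finding("autostart/service points at a missing file", line))
    if "No CLSID value found" in line:
        findings.append(Finding("orphaned BHO/toolbar CLSID (leftover registration)", line))
    m = HOSTS.match(line)
    if m and (m["ip"], m["host"]) not in BENIGN_HOSTS:
        findings.append(Finding("hosts file overrides name resolution", line))
    m = AUTOSTART.match(line)
    if m:
        pc = PATH_COMPANY.match(m["rest"])
        if pc:
            if not pc["company"].strip():
                findings.append(Finding("autostart binary carries no company name", line))
            if USER_WRITABLE.search(pc["path"]):
                findings.append(Finding("autostart runs from a user-writable profile path", line))
    return findings


def triage(text: str) -> list[Finding]:
    """Run triage_line over every non-empty line of an OTL log and collect the hits."""
    return [f for ln in text.splitlines() if ln.strip() for f in triage_line(ln)]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.reason:50s} | {f.line}")
```

    Each hit is a prompt to look closer, not a verdict: an unsigned HP or Roxio helper with an empty company field is common on an OEM build, and a "File not found" driver named catchme is the residue of the ComboFix scan already run on this machine rather than an infection. The entries worth acting on are the ones that combine signals, such as a missing or unnamed binary that also lives under the user's profile.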
  20. 2011/05/12
    Fetz

    Fetz Inactive Thread Starter

    Joined:
    2011/05/06
    Messages:
    16
    Likes Received:
    0
    I have to break the OTL.txt into two parts. First part:

    OTL logfile created on: 5/11/2011 1:47:07 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Administrator\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 289.23 Gb Total Space | 216.32 Gb Free Space | 74.79% Space Free | Partition Type: NTFS
    Drive D: | 8.83 Gb Total Space | 0.69 Gb Free Space | 7.79% Space Free | Partition Type: FAT32

    Computer Name: HPDESKTOP | User Name: HP_Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/11 13:44:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    PRC - [2011/02/16 15:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    PRC - [2011/02/10 07:00:24 | 000,116,752 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    PRC - [2011/02/10 06:57:40 | 001,035,512 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    PRC - [2010/10/14 18:49:05 | 000,138,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    PRC - [2010/10/14 07:22:29 | 000,136,312 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Flock\Update\FlockUpdate.exe
    PRC - [2010/09/16 07:07:41 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2008/06/24 11:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1161398680\ee\aolsoftware.exe
    PRC - [2007/08/24 15:52:42 | 000,240,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
    PRC - [2007/08/24 15:52:02 | 000,018,928 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
    PRC - [2007/08/14 03:44:38 | 000,113,136 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
    PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    PRC - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    PRC - [2007/02/08 02:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    PRC - [2007/02/08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    PRC - [2007/02/08 02:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2007/02/06 18:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2007/02/06 18:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    PRC - [2006/10/23 12:04:42 | 000,001,536 | ---- | M] () -- c:\Program Files\Common Files\AOL\1161398680\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2006/08/19 15:45:19 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    PRC - [2006/06/29 16:55:54 | 000,994,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX6000.exe
    PRC - [2006/04/13 02:05:00 | 000,090,112 | ---- | M] (Sonic Solutions) -- C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    PRC - [2006/04/06 18:51:18 | 001,073,152 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
    PRC - [2006/04/06 18:50:22 | 000,065,536 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdMgr.exe
    PRC - [2006/04/06 18:50:22 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
    PRC - [2005/08/02 16:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
    PRC - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
    PRC - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    PRC - [2004/10/15 13:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/11 13:44:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    MOD - [2007/02/06 18:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
    MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2006/08/19 15:45:16 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Administrator\Local Settings\temp\IadHide5.dll
    MOD - [2006/03/06 06:56:15 | 000,081,920 | ---- | M] (America Online, Inc.) -- c:\Program Files\Common Files\AOL\1161398680\ee\services\search\ver2_0_39_1\InjectDll.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
    SRV - [2011/02/16 15:26:04 | 000,188,272 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2008/02/04 15:59:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/08/24 15:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
    SRV - [2007/08/24 15:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
    SRV - [2007/08/24 15:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
    SRV - [2007/08/24 15:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
    SRV - [2007/08/24 15:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
    SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
    SRV - [2007/03/03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2007/02/06 18:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/02/06 18:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2005/08/02 16:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
    SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2010/10/14 18:49:13 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2010/10/14 18:49:13 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2010/10/14 18:49:13 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2010/10/14 18:49:13 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2007/08/18 03:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RxFilter.sys -- (RxFilter)
    DRV - [2007/03/10 22:30:39 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2007/02/06 18:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/02/06 18:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/02/06 18:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007/02/03 11:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/02/03 11:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
    DRV - [2006/10/10 13:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2006/06/29 16:56:04 | 002,383,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
    DRV - [2006/06/14 04:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/04/13 09:47:38 | 000,168,064 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
    DRV - [2006/03/03 08:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 08:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2006/02/16 17:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2006/01/10 17:48:58 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
    DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/12/06 04:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 04:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2005/03/09 07:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2004/08/03 07:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp-desktop.aol.com/
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo! "
    FF - prefs.js..browser.startup.homepage: "http://www.cnn.com "
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.6.2
    FF - prefs.js..flock.keyword.provider: "Yahoo! "

    FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\ [2011/04/12 00:46:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2011/03/30 16:25:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/04/30 20:54:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock 2.5\extensions\\Components: C:\Program Files\Flock\components [2011/03/30 16:25:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock 2.5\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/04/30 20:54:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2011/03/30 16:25:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/04/30 20:54:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock 2.6.2\extensions\\Components: C:\Program Files\Flock\components [2011/03/30 16:25:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock 2.6.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2011/04/30 20:54:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/20 20:42:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 20:54:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/04/28 20:53:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/12/23 07:24:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape Browser 8.1.2.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/04/30 20:54:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape Browser 8.1.3.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2010/12/23 07:24:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape Browser 8.1.3.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/04/30 20:54:47 | 000,000,000 | ---D | M]

    [2010/05/03 15:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
    [2010/05/03 15:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/01/03 17:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
    [2011/05/11 13:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e9m98pfy.default\extensions
    [2010/12/08 18:21:40 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e9m98pfy.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/04/28 13:21:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e9m98pfy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/14 05:29:28 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\e9m98pfy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/05/10 11:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/13 08:36:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/28 06:31:37 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\FLOCK\BROWSER\PROFILES\15TA0HTE.DEFAULT\EXTENSIONS\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008/09/17 15:23:26 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
    [2009/06/29 16:48:41 | 000,002,236 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml

    O1 HOSTS File: ([2011/05/11 06:12:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O3 - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\ARPWRMSG.EXE (Microsoft)
    O4 - HKLM..\Run: [DMAScheduler] c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
    O4 - HKLM..\Run: [ftutil2] File not found
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161398680\ee\AOLSoftware.exe (AOL LLC)
    O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
    O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
    O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2027600343-2525283992-176429577-1007..\Run: [Flock Update] C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Flock\Update\FlockUpdate.exe (Google Inc.)
    O4 - HKU\S-1-5-21-2027600343-2525283992-176429577-1007..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe (Hewlett-Packard)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/01/04 12:05:08 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/01/04 12:05:08 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/01/04 12:05:08 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/01/04 12:05:08 | 000,000,000 | ---D | M]
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
    O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-2027600343-2525283992-176429577-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll (Trend Micro Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/04/27 17:38:03 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (InterVideo Digital Technology Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (14087303752318976)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/11 13:44:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2011/05/10 20:00:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/10 19:53:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/10 19:53:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/10 19:53:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/10 19:53:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/10 19:44:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/10 19:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Trend_Micro
    [2011/05/10 19:31:53 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\remover.exe
    [2011/05/09 18:10:30 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup(3).exe
    [2011/05/07 15:55:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/05/07 15:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/07 15:55:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/05/07 15:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/05/07 14:56:42 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup(2).exe
    [2011/05/07 14:52:05 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
    [2011/05/07 08:05:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/05/06 20:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/05/06 20:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/04/26 07:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/04/26 07:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/04/12 00:46:28 | 000,000,000 | ---D | C] -- C:\temp
    [2010/11/05 10:34:42 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
    [12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/11 13:44:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2011/05/11 13:32:00 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/11 13:28:25 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\FlockUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007UA.job
    [2011/05/11 13:14:00 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007UA.job
    [2011/05/11 10:14:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007Core.job
    [2011/05/11 07:27:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\FlockUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007Core.job
    [2011/05/11 06:44:00 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2011/05/11 06:13:48 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/05/11 06:12:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/11 06:12:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/05/11 06:12:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/11 06:11:40 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/11 06:11:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/11 06:11:27 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/11 05:48:00 | 004,345,957 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    [2011/05/10 20:21:36 | 000,053,574 | ---- | M] () -- C:\VETlog.dmp
    [2011/05/10 20:00:39 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/05/10 19:30:56 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\bootkit_remover.rar
    [2011/05/10 19:24:26 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/05/09 18:10:31 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup(3).exe
    [2011/05/08 12:50:11 | 000,157,184 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/07 21:17:20 | 000,002,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Google Chrome.lnk
    [2011/05/07 21:17:20 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/05/07 15:55:47 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/07 15:54:53 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
    [2011/05/07 15:50:46 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\iExplore.exe
    [2011/05/07 15:22:24 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
    [2011/05/07 15:17:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
    [2011/05/07 15:15:46 | 000,012,018 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\bn5b6b462h21s58w
    [2011/05/07 15:15:46 | 000,012,018 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\bn5b6b462h21s58w
    [2011/05/07 15:08:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe
    [2011/05/07 14:57:34 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\3q4yj1gs.exe
    [2011/05/07 14:56:36 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup(2).exe
    [2011/05/07 14:56:03 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sdasetup.exe
    [2011/05/06 20:41:24 | 056,189,640 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\setup_av_free.exe
    [2011/05/04 15:02:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/04/30 20:54:47 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/04/27 16:29:16 | 001,208,844 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\IMG_0165.jpg
    [2011/04/27 16:28:46 | 001,133,431 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\IMG_0164.jpg
    [2011/04/27 15:37:16 | 001,990,535 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\IMG_0142.jpg
    [2011/04/26 07:30:05 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2011/04/26 07:30:05 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/04/26 07:27:46 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/04/25 14:48:48 | 000,079,423 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sportsmans_Double.jpg
    [2011/04/18 23:54:16 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\See All Related Videos --.url
     
  21. 2011/05/12
    Fetz

    Fetz Inactive Thread Starter

    Joined:
    2011/05/06
    Messages:
    16
    Likes Received:
    0
    Second part of OTL.txt:

    ========== Files Created - No Company Name ==========

    [2011/05/10 19:53:45 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/10 19:53:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/10 19:53:45 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/10 19:53:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/10 19:53:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/10 19:46:27 | 2078,855,168 | -HS- | C] () -- C:\hiberfil.sys
    [2011/05/10 19:35:17 | 004,345,957 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    [2011/05/10 19:31:02 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\bootkit_remover.rar
    [2011/05/07 15:55:47 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/07 15:50:43 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\iExplore.exe
    [2011/05/07 15:22:23 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\dds.scr
    [2011/05/07 15:18:03 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
    [2011/05/07 14:57:35 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\3q4yj1gs.exe
    [2011/05/07 14:56:10 | 000,513,032 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\sdasetup.exe
    [2011/05/06 20:40:38 | 056,189,640 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\setup_av_free.exe
    [2011/05/06 19:07:45 | 000,012,018 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\bn5b6b462h21s58w
    [2011/05/06 19:07:45 | 000,012,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bn5b6b462h21s58w
    [2011/04/30 20:53:55 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
    [2011/04/30 20:53:55 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/04/29 09:48:32 | 000,079,423 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Sportsmans_Double.jpg
    [2011/04/27 16:29:12 | 001,208,844 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\IMG_0165.jpg
    [2011/04/27 16:28:42 | 001,133,431 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\IMG_0164.jpg
    [2011/04/27 15:37:14 | 001,990,535 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\IMG_0142.jpg
    [2011/04/26 07:27:46 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/04/18 23:54:16 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\See All Related Videos --.url
    [2010/11/06 07:06:55 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\u25dts.dll
    [2010/11/01 15:13:08 | 000,127,478 | ---- | C] () -- C:\WINDOWS\MeterBasic Uninstaller.exe
    [2010/10/26 11:15:14 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
    [2010/10/26 11:15:14 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
    [2010/10/26 11:15:12 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
    [2010/08/17 14:05:04 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
    [2010/07/17 15:02:40 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2008/06/14 20:27:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2008/06/14 19:39:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\rx_image.Cache
    [2008/06/14 18:18:02 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/04/28 21:05:38 | 000,000,270 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
    [2008/04/18 07:37:08 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
    [2008/04/05 18:55:46 | 000,072,676 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2008/02/25 17:36:47 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2007/10/26 20:00:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2007/06/18 16:12:12 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2007/06/18 16:12:12 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2007/06/18 16:12:12 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2007/06/18 16:12:12 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2007/06/18 16:12:12 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2007/06/18 16:12:12 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2007/06/04 12:55:03 | 000,000,084 | ---- | C] () -- C:\WINDOWS\netdet.ini
    [2007/06/04 12:52:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vzcontextmenu.dll
    [2007/06/04 12:52:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DetectDxQT.dll
    [2007/06/04 12:09:50 | 000,007,520 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2007/03/22 13:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
    [2007/03/10 22:25:36 | 000,050,127 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2007/03/05 20:34:36 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
    [2007/03/05 19:43:33 | 000,109,349 | ---- | C] () -- C:\WINDOWS\File Renamer - Basic Uninstaller.exe
    [2007/03/05 18:01:33 | 000,072,192 | ---- | C] () -- C:\WINDOWS\unlite3.exe
    [2007/03/05 18:01:19 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
    [2007/03/05 18:01:19 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2007/03/05 18:01:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
    [2007/03/05 18:01:19 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2007/03/05 18:01:17 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
    [2007/03/05 18:01:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
    [2007/02/06 18:45:04 | 000,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2007/02/06 18:42:40 | 001,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
    [2006/12/30 15:34:27 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/12/15 18:21:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ORUN32.EXE
    [2006/12/15 18:21:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\CMMGR32.EXE
    [2006/11/18 07:52:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/10/31 19:21:11 | 000,000,055 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
    [2006/10/24 10:59:21 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/10/24 10:59:21 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/10/20 19:39:39 | 000,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/10/20 16:47:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/10/20 16:46:55 | 000,004,813 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2006/10/20 15:40:50 | 000,157,184 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/10/20 14:57:44 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2006/10/20 14:53:18 | 000,118,667 | ---- | C] () -- C:\WINDOWS\hpoins09.dat
    [2006/10/20 12:33:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/10/20 11:26:52 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    [2006/08/19 16:08:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/19 15:49:34 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
    [2006/08/19 15:45:16 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-9972322.exe
    [2006/08/19 15:44:32 | 000,014,317 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2006/08/19 15:44:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2006/08/19 15:41:13 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2006/08/19 15:29:45 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2006/08/19 15:29:06 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2006/08/19 15:24:22 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
    [2006/08/19 15:23:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/08/19 15:21:15 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
    [2006/08/19 15:20:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/08/19 15:20:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2006/08/19 15:20:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/08/19 15:20:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/08/19 15:20:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/08/19 15:20:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/08/19 15:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/08/19 15:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/08/19 15:19:59 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/08/19 15:19:59 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/08/19 15:19:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2006/08/19 15:18:35 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2006/08/19 14:57:40 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
    [2006/08/19 14:57:40 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
    [2006/08/19 14:57:21 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2006/04/14 19:30:49 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
    [2006/03/09 10:28:40 | 000,011,645 | ---- | C] () -- C:\WINDOWS\hpomdl09.dat
    [2005/08/30 14:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/08/30 14:07:46 | 000,457,112 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/08/30 14:07:46 | 000,076,532 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/08/30 14:05:30 | 001,597,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/08/30 14:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/30 13:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/08/02 16:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
    [2005/06/11 12:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
    [2004/09/16 13:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/09 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/09 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/09 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/09 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/09 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/09 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/09 14:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/09 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/07/26 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/06/10 14:34:34 | 001,310,720 | ---- | C] () -- C:\WINDOWS\System32\Veceng52.dll
    [2002/06/10 14:29:42 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\arrgrid.dll
    [2002/05/21 12:29:58 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\bmw.dll
    [2002/03/16 17:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000079.DLL
    [2001/08/23 01:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 01:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
    [1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

    ========== LOP Check ==========

    [2011/05/10 19:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2007/11/14 15:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
    [2007/06/18 16:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
    [2010/12/23 07:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2006/11/03 15:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2007/06/04 12:53:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\shctxex.vb
    [2008/06/14 18:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2009/09/21 20:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/06/18 16:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2007/04/14 14:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/08/19 15:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2009/03/12 08:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/06/02 12:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/10 13:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/08 15:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/05/11 07:27:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\Tasks\FlockUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007Core.job
    [2011/05/11 13:28:25 | 000,001,018 | ---- | M] () -- C:\WINDOWS\Tasks\FlockUpdateTaskUserS-1-5-21-2027600343-2525283992-176429577-1007UA.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/10/20 20:03:44 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2006/10/20 20:03:44 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2009/04/27 17:38:03 | 000,000,150 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/11/02 13:07:20 | 000,000,279 | ---- | M] () -- C:\Boot.bak
    [2011/05/10 20:00:39 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2007/10/15 08:17:57 | 001,000,045 | ---- | M] () -- C:\callaway.gif
    [2004/08/09 14:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/05/11 06:36:59 | 000,020,016 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/30 14:02:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/14 14:19:41 | 000,000,120 | ---- | M] () -- C:\drmHeader.bin
    [2007/05/25 19:35:12 | 000,000,056 | ---- | M] () -- C:\EmergencyErrorLog.20070525.txt
    [2009/11/22 19:20:39 | 000,000,056 | ---- | M] () -- C:\EmergencyErrorLog.20091122.txt
    [2011/02/08 13:28:17 | 000,132,082 | ---- | M] () -- C:\FlockInstaller.log
    [2011/05/11 06:11:27 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
    [2006/08/19 15:48:33 | 000,000,051 | ---- | M] () -- C:\hpWebHelper.log
    [2008/08/21 06:59:12 | 000,000,164 | ---- | M] () -- C:\install.dat
    [2005/08/30 14:02:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2005/08/30 14:02:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002/01/05 04:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
    [2004/08/09 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/07/06 09:44:05 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2011/05/11 06:11:26 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/05/07 15:51:45 | 000,000,625 | ---- | M] () -- C:\rkill.log
    [2006/10/20 18:15:35 | 000,000,280 | -H-- | M] () -- C:\sqmdata00.sqm
    [2006/11/09 20:54:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2006/11/10 06:42:26 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2006/11/15 08:24:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2006/11/26 08:46:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
    [2006/12/07 15:28:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
    [2008/03/29 15:27:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2006/10/20 18:15:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2006/11/09 20:54:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2006/11/10 06:42:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2006/11/15 08:24:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2006/11/26 08:46:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2006/12/07 15:28:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2008/03/29 15:27:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2011/05/10 20:21:36 | 000,053,574 | ---- | M] () -- C:\VETlog.dmp
    [2011/05/10 20:21:36 | 011,612,549 | ---- | M] () -- C:\VETlog.txt
    [2007/01/04 12:04:38 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.dll >
    [2006/02/19 03:28:56 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
    [12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.ini >
    [2005/08/30 14:01:20 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
    [12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/02/09 15:43:24 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/08/30 06:51:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/30 06:51:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/30 06:51:10 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/04/30 07:39:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2008/02/28 14:01:24 | 000,774,144 | ---- | M] () -- C:\WINDOWS\system32\NEROINSTAEC43759.DB

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/10/20 16:40:35 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/08/30 14:06:40 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/07 14:57:34 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\3q4yj1gs.exe
    [2009/05/20 12:40:24 | 012,165,751 | ---- | M] (Likno Software) -- C:\Documents and Settings\HP_Administrator\Desktop\AllWebMenusSetup.exe
    [2010/01/05 08:38:59 | 000,563,864 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\ChromeSetup.exe
    [2011/05/11 05:48:00 | 004,345,957 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
    [2006/11/05 15:52:48 | 062,651,176 | ---- | M] (Macromedia ) -- C:\Documents and Settings\HP_Administrator\Desktop\Dreamweaver8-en.exe
    [2010/10/14 07:21:48 | 000,535,776 | ---- | M] (Flock Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\FlockSetup_1_2_213_0.exe
    [2010/11/05 10:34:20 | 008,087,301 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GolfMixer.EXE
    [2010/11/06 06:48:07 | 009,905,107 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GolfTS.EXE
    [2010/10/04 16:16:59 | 000,567,624 | ---- | M] (Google Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\GoogleEarthSetup.exe
    [2010/11/02 15:17:16 | 000,392,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gpaper(2).exe
    [2010/11/02 15:16:47 | 000,392,280 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\gpaper.exe
    [2010/11/16 16:28:38 | 000,975,099 | ---- | M] (Information Packaging ) -- C:\Documents and Settings\HP_Administrator\Desktop\gsw101.exe
    [2010/11/05 10:09:22 | 001,806,960 | ---- | M] (DJI Computer Solutions ) -- C:\Documents and Settings\HP_Administrator\Desktop\hdcpxl.exe
    [2010/06/14 07:54:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe
    [2011/05/07 15:50:46 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\iExplore.exe
    [2009/07/24 17:31:22 | 001,962,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\HP_Administrator\Desktop\Install Flash Player 10 ActiveX.exe
    [2010/11/26 08:34:35 | 092,175,976 | ---- | M] (Wolfram Research, Inc. ) -- C:\Documents and Settings\HP_Administrator\Desktop\MathematicaPlayer_7.0.1_WIN.EXE
    [2011/05/07 14:56:36 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup(2).exe
    [2011/05/09 18:10:31 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup(3).exe
    [2011/05/07 15:54:53 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Administrator\Desktop\mbam-setup.exe
    [2011/05/07 15:17:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
    [2010/11/01 15:10:35 | 003,645,660 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MeterBasicInstall301.exe
    [2007/03/30 12:45:00 | 019,189,400 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\nsb-install-8-1-3.exe
    [2010/10/26 11:14:47 | 009,657,168 | ---- | M] (Officeconvert Software, Inc. ) -- C:\Documents and Settings\HP_Administrator\Desktop\office-convert-pdf-to-jpg-jpeg-tiff-free.exe
    [2011/05/11 13:44:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
    [2006/10/28 07:50:19 | 079,210,920 | ---- | M] (Logitech, Inc. ) -- C:\Documents and Settings\HP_Administrator\Desktop\qc1000enu.exe
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Documents and Settings\HP_Administrator\Desktop\remover.exe
    [2011/05/07 14:56:03 | 000,513,032 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\sdasetup.exe
    [2011/05/06 20:41:24 | 056,189,640 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\setup_av_free.exe
    [2008/08/11 07:51:55 | 004,891,216 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\Silverlight.2.0.exe
    [2008/08/27 15:02:29 | 021,843,080 | ---- | M] (Webroot Software, Inc. ) -- C:\Documents and Settings\HP_Administrator\Desktop\SpySweeperRegSetup_EN.exe
    [2011/05/07 15:08:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\TFC.exe
    [2010/06/22 13:54:11 | 009,030,432 | ---- | M] (Mozilla) -- C:\Documents and Settings\HP_Administrator\Desktop\Thunderbird Setup 3.0.5.exe
    [2010/10/14 18:09:25 | 002,472,552 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Administrator\Desktop\Trend_Micro-TiAV3_Installer.exe
    [2009/09/13 16:43:56 | 000,209,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\HP_Administrator\Desktop\uninstall_flash_player.exe
    [2010/11/03 18:18:25 | 002,143,009 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\vequick.exe
    [2010/08/01 11:33:25 | 001,628,560 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator\Desktop\X16-42918_MHKC4-8MKH3-JGWXK-MC8DJ-GWJG2.exe
    [2010/07/17 14:58:30 | 046,899,712 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\zaSetup_92_057_000_en.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2006/04/14 19:30:49 | 000,013,022 | ---- | M] () -- C:\WINDOWS\VX6000.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/09 14:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/10/20 11:28:11 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\Desktop.ini
    [2006/08/19 15:51:57 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Favorites\eBay.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    File Renamer - Basic Uninstaller.exe
    MeterBasic Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/11 14:21:45 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\Cookies\desktop.ini
    [2011/05/11 13:55:45 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/09 14:00:00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/03 17:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/03 17:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/03 17:06:34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/10/13 09:24:37 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/03 17:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/03 17:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/03 17:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/03 17:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/03 17:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1998/05/07 02:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\golfswing.GIF:Roxio EMC Stream
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9AEE100C
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94A19129

    < End of report >
     
