Solved Overclick.cn rerouting my searches again

Discussion in 'Malware and Virus Removal Archive' started by Karenb, 2009/08/11.

  1. 2009/08/11
    Karenb Inactive Thread Starter

    [Resolved] Overclick.cn rerouting my searches again

    I had asked for help not too long ago with my web searches being rerouted by overclick.cn. I finally just got frustrated and did a destructive recovery on my computer as it really needed a cleanout anyway.

    After doing that, everything was fine for a couple of weeks, but now today the darn overclick is back. Why am I getting this thing?

    I am running Firefox 3.5.2 on Windows XP; I am using AVG antivirus and ZoneAlarm firewall. I ran Malwarebytes and it found 7 problems and fixed them, but I still have good ole overclick lurking around.

    What do I need to do to get rid of this thing?

    Thanks...Karen
     
  2. 2009/08/11
    mailman Geek Member (Lifetime Subscription)

    Hi, Karen. :)

    Please carefully follow the directions in this link and paste the appropriate logs into this thread.

    Please keep in mind the malware researchers here help several people in their spare time, so any particular fix may take a week or two (or even three) and several posts with instructions to follow. The length of time required partly depends on how badly infected your computer is and partly on how quickly/carefully you respond to directions given.

    EDIT: BTW, here's a link to Karen's thread where she lost patience and did the destructive recovery she mentioned above.
     
    Last edited: 2009/08/11

  4. 2009/08/12
    Karenb Inactive Thread Starter

    Here are the 2 DDS logs.

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by HP_Administrator at 8:22:57.39 on Wed 08/12/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1276 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\WINDOWS\arservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdateMgr.exe
    C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\DISC\DiscGui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\HP_Administrator\Desktop\downloaded for BBS Forum to help\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [PopupVanish] c:\program files\popupvanish\PopupVanish.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
    mRun: [DISCover] c:\program files\disc\DISCover.exe
    mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe
    mRun: [DMAScheduler] c:\program files\sonic\digitalmedia plus\digitalmedia archive\DMAScheduler.exe
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [PCDrProfiler]
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe "
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    Trusted Zone: trymedia.com
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247751802640
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\kip7p0bi.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
    FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-19 335752]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-19 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-19 108552]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-16 353672]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-19 298776]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

    =============== Created Last 30 ================

    2009-08-11 13:50 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WinPatrol
    2009-08-11 13:50 <DIR> --d----- c:\program files\BillP Studios
    2009-08-11 12:30 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
    2009-08-11 12:30 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-11 12:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-08-11 12:30 19,096 a------- c:\windows\system32\drivers\mbam.sys
    2009-08-11 12:30 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-08-08 13:55 <DIR> --d----- c:\program files\DVD Shrink
    2009-08-05 13:01 104,512 a------- c:\windows\system32\drivers\AnyDVD.sys
    2009-08-03 09:13 <DIR> --d----- c:\program files\Defraggler
    2009-07-25 14:15 <DIR> --d----- c:\program files\SlySoft
    2009-07-21 07:18 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WeatherWatcher
    2009-07-21 07:18 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WeatherWatcherLive
    2009-07-21 07:17 102,400 a------- c:\windows\system32\unzip32.dll
    2009-07-21 07:17 <DIR> --d----- c:\program files\Weather Watcher Live
    2009-07-20 12:32 210,944 a------- c:\windows\system32\MSVCRT10.DLL
    2009-07-20 12:32 32,768 a------- c:\windows\system32\plugin.dll
    2009-07-20 12:32 210,944 a------- c:\windows\system\MSVCRT10.DLL
    2009-07-20 12:32 32,768 a------- c:\windows\system\plugin.dll
    2009-07-20 08:43 1,221,512 a------- c:\windows\system32\zpeng25.dll
    2009-07-19 20:46 <DIR> --d----- c:\program files\SpywareBlaster
    2009-07-19 17:06 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-07-19 16:56 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-07-19 16:56 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-07-19 16:56 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-07-19 16:56 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-07-19 16:56 <DIR> --d----- c:\program files\AVG
    2009-07-19 16:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-07-18 13:33 <DIR> --d----- c:\program files\common files\Jasc Software Inc
    2009-07-18 10:59 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\HPQ
    2009-07-18 10:37 <DIR> --d-h--- c:\windows\PIF
    2009-07-16 21:40 13,824 a------- c:\windows\system32\LAYOUT.DLL
    2009-07-16 20:58 266,360 a------- c:\windows\system32\TweakUI.exe
    2009-07-16 20:58 160,217 a------- c:\windows\system32\PowerToysLicense.rtf
    2009-07-16 20:05 <DIR> --d----- c:\program files\Jasc Software Inc
    2009-07-16 20:04 <DIR> --d----- c:\program files\common files\SWF Studio
    2009-07-16 16:38 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
    2009-07-16 16:34 <DIR> --d----- c:\program files\Skype
    2009-07-16 16:33 <DIR> --d----- c:\program files\PSP Thumbnail Handler
    2009-07-16 16:27 <DIR> --d----- c:\program files\PopupVanish
    2009-07-16 16:26 286,720 -------- c:\windows\Setup1.exe
    2009-07-16 16:26 73,216 a------- c:\windows\ST6UNST.EXE
    2009-07-16 13:54 <DIR> --d----- c:\windows\pss
    2009-07-16 12:38 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-07-16 12:37 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-07-16 12:37 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-07-16 12:37 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-07-16 12:37 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-07-16 12:37 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-07-16 12:37 <DIR> --d----- C:\2273bba62f53eb501eeec4
    2009-07-16 12:37 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-07-16 12:37 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
    2009-07-16 09:39 <DIR> --d----- c:\program files\MSXML 4.0
    2009-07-16 09:34 <DIR> --d----- c:\program files\LSI SoftModem
    2009-07-16 09:30 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Windows Desktop Search
    2009-07-16 09:29 <DIR> --d----- c:\program files\Windows Desktop Search
    2009-07-16 09:29 <DIR> --d----- c:\windows\system32\GroupPolicy
    2009-07-16 09:07 2,180,480 -------- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-07-16 09:07 2,136,064 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-07-16 09:07 2,057,728 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-07-16 09:07 2,015,744 -------- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-07-16 09:03 272,128 -------- c:\windows\system32\drivers\bthport.sys
    2009-07-16 09:03 272,128 -------- c:\windows\system32\dllcache\bthport.sys
    2009-07-16 08:59 288,768 -------- c:\windows\system32\rhttpaa.dll
    2009-07-16 08:59 116,736 -------- c:\windows\system32\aaclient.dll
    2009-07-16 08:59 36,352 -------- c:\windows\system32\tsgqec.dll
    2009-07-16 08:55 23,040 -------- c:\windows\kb913800.exe
    2009-07-16 08:46 <DIR> --d----- c:\windows\system32\PreInstall
    2009-07-16 08:43 31,768 a------- c:\windows\system32\wucltui.dll.mui
    2009-07-16 08:43 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
    2009-07-16 08:43 23,576 a------- c:\windows\system32\wuapi.dll.mui
    2009-07-16 08:43 18,456 a------- c:\windows\system32\wuaueng.dll.mui
    2009-07-16 08:43 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-07-16 08:37 <DIR> --d----- c:\windows\B56957059A0B4FBA84AD5F44F3596082.TMP
    2009-07-16 08:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-07-16 08:31 <DIR> --d----- c:\program files\Folder Marker
    2009-07-16 07:28 <DIR> --d----- c:\windows\system32\appmgmt
    2009-07-16 02:56 21,504 a------- c:\windows\system32\hidserv.dll
    2009-07-16 02:56 14,848 a------- c:\windows\system32\drivers\kbdhid.sys
    2009-07-16 02:55 12,160 a------- c:\windows\system32\drivers\mouhid.sys
    2009-07-16 02:55 12,160 a------- c:\windows\system32\dllcache\mouhid.sys
    2009-07-16 02:55 9,600 a------- c:\windows\system32\drivers\hidusb.sys
    2009-07-16 02:55 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
    2009-07-16 02:26 <DIR> --d----- c:\program files\Seagate
    2009-07-16 02:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
    2009-07-16 02:26 <DIR> --d----- c:\program files\MSXML 6.0
    2009-07-16 02:25 <DIR> --dsh--- c:\windows\ftpcache
    2009-07-16 02:23 54,016 a------- c:\windows\system32\drivers\ousb2hub.sys
    2009-07-16 02:23 39,040 a------- c:\windows\system32\drivers\ousbehci.sys
    2009-07-16 02:23 <DIR> --d----- c:\windows\Drivers
    2009-07-16 02:21 <DIR> --d-h--- C:\BJPrinter
    2009-07-16 02:21 7,680 a------- c:\windows\system32\CNMVS6d.DLL
    2009-07-16 02:21 116,736 a------- c:\windows\system32\CNMLM6d.DLL
    2009-07-16 02:20 25,856 a------- c:\windows\system32\drivers\usbprint.sys
    2009-07-16 02:20 25,856 a------- c:\windows\system32\dllcache\usbprint.sys
    2009-07-16 02:17 36,608 a------- c:\windows\system32\drivers\LHidUsbK.sys
    2009-07-16 02:17 26,112 a------- c:\windows\system32\drivers\LHidKE.Sys
    2009-07-16 02:14 15,104 a------- c:\windows\system32\drivers\usbscan.sys
    2009-07-16 02:14 15,104 a------- c:\windows\system32\dllcache\usbscan.sys
    2009-07-16 01:52 248 a------- c:\windows\system\hpsysdrv.dat
    2009-07-16 01:47 4,212 a---h--- c:\windows\system32\zllictbl.dat
    2009-07-16 01:47 75,248 a------- c:\windows\zllsputility.exe
    2009-07-16 01:47 11,264 a------- c:\windows\system32\SpOrder.dll
    2009-07-16 01:47 350,191 a------- c:\windows\system32\vsconfig.xml
    2009-07-16 01:47 <DIR> --d----- c:\windows\system32\ZoneLabs
    2009-07-16 01:47 <DIR> --d----- c:\program files\Zone Labs
    2009-07-16 01:46 <DIR> --d----- c:\windows\Internet Logs
    2009-07-16 01:39 <DIR> --d--r-- c:\documents and settings\all users\Documents
    2009-07-16 01:37 <DIR> --d--r-- c:\windows\Offline Web Pages
    2009-07-16 01:34 <DIR> --dshr-- c:\windows\system32\dllcache
    2009-07-16 00:26 <DIR> --d----- C:\Downloads
    2009-07-16 00:24 <DIR> --ds---- c:\documents and settings\hp_administrator\UserData
    2009-07-16 00:13 <DIR> --d----- c:\program files\common files\ATI Technologies
    2009-07-16 00:08 520,192 -------- c:\windows\system32\ati2sgag.exe
    2009-07-16 00:07 11,557 a----r-- c:\windows\atiogl.xml
    2009-07-16 00:07 344,064 a----r-- c:\windows\system32\ATIDEMGX.dll
    2009-07-16 00:07 972,072 a----r-- c:\windows\system32\ativva6x.dat
    2009-07-16 00:07 3,107,788 a----r-- c:\windows\system32\ativva5x.dat
    2009-07-16 00:07 3,107,788 a----r-- c:\windows\system32\ativvaxx.dat
    2009-07-16 00:07 2,096 a----r-- c:\windows\system32\drivers\ativdkxx.vp
    2009-07-16 00:06 <DIR> --dshr-- C:\cmdcons
    2009-07-16 00:06 <DIR> --d----- c:\windows\setup.pss
    2009-07-16 00:06 <DIR> --d----- c:\windows\setupupd
    2009-07-16 00:05 1,816 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_EX513AA-ABA A1473W_YC_0Pavi_QMXK617_E62NAemMPA1_48_IAsterope_SHewleet-Packard_V1.0_B3.11_T060410_WXP2_L409_M2048_J200_7Intel_8Pentium 4_92.8_#060922_N10EC8139_Z11C10620_G_OTSSTcorp CD DVDW TS-H652M_D.MRK
    2009-07-16 00:01 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Intuit
    2009-07-16 00:01 <DIR> --d----- c:\documents and settings\hp_administrator\WINDOWS
    2009-07-16 00:01 <DIR> --d----- c:\documents and settings\HP_Administrator

    ==================== Find3M ====================

    2009-08-05 04:11 204,800 -------- c:\windows\system32\mswebdvd.dll
    2009-08-05 04:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 13:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
    2009-07-13 10:08 286,720 -------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
    2009-07-10 08:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
    2009-06-25 03:44 298,496 a------- c:\windows\system32\kerberos.dll
    2009-06-25 03:44 168,448 a------- c:\windows\system32\schannel.dll
    2009-06-25 03:44 133,632 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 03:44 59,392 a------- c:\windows\system32\wdigest.dll
    2009-06-25 03:44 56,320 a------- c:\windows\system32\secur32.dll
    2009-06-25 03:44 724,480 -------- c:\windows\system32\lsasrv.dll
    2009-06-25 03:44 724,480 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-25 03:44 298,496 -------- c:\windows\system32\dllcache\kerberos.dll
    2009-06-25 03:44 168,448 -------- c:\windows\system32\dllcache\schannel.dll
    2009-06-25 03:44 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
    2009-06-25 03:44 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
    2009-06-25 03:44 56,320 -------- c:\windows\system32\dllcache\secur32.dll
    2009-06-22 06:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
    2009-06-22 06:49 19,968 a------- c:\windows\system32\mqbkup.exe
    2009-06-22 06:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
    2009-06-22 06:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
    2009-06-22 06:49 4,608 a------- c:\windows\system32\mqsvc.exe
    2009-06-22 06:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
    2009-06-22 06:48 91,776 a------- c:\windows\system32\drivers\mqac.sys
    2009-06-22 06:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
    2009-06-22 06:34 92,544 -------- c:\windows\system32\drivers\ksecdd.sys
    2009-06-22 06:34 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
    2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 09:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
    2009-06-16 09:55 82,432 -------- c:\windows\system32\fontsub.dll
    2009-06-16 09:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
    2009-06-12 06:50 80,896 -------- c:\windows\system32\tlntsess.exe
    2009-06-12 06:50 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
    2009-06-12 06:50 76,288 -------- c:\windows\system32\telnet.exe
    2009-06-12 06:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
    2009-06-10 09:21 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
    2009-06-10 09:21 84,992 -------- c:\windows\system32\avifil32.dll
    2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-10 01:32 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
    2009-06-09 10:06 1,871,872 -------- c:\windows\system32\mstscax.dll
    2009-06-09 10:06 1,871,872 -------- c:\windows\system32\dllcache\mstscax.dll
    2009-06-03 14:24 1,291,264 a------- c:\windows\system32\quartz.dll
    2009-06-03 14:24 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
    2009-05-25 07:01 89,256 a------- c:\windows\system32\ElbyCDIO.dll
    2009-05-25 00:24 350,208 -------- c:\windows\system32\mssph.dll
    2006-09-25 01:57 22 a--sh--- c:\windows\sminst\HPCD.SYS

    ============= FINISH: 8:24:07.81 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/16/2009 12:00:44 AM
    System Uptime: 8/12/2009 7:40:11 AM (1 hours ago)

    Motherboard: Hewleet-Packard | | Asterope
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2799/200mhz
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2799/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 178 GiB total, 155.111 GiB free.
    D: is FIXED (FAT32) - 8 GiB total, 0.424 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP48: 8/11/2009 8:11:18 AM - System Checkpoint

    ==== Installed Programs ======================

    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    Agere Systems PCI-SV92PP Soft Modem
    AiO_Scan
    AiO_Scan_CDA
    AiOSoftware
    AiOSoftwareNPI
    AnyDVD
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    ATI HYDRAVISION
    ATI MCE Transcode
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    AVG Free 8.5
    AVIVO
    BufferChm
    CameraDrivers
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    Customer Experience Enhancement
    Defraggler (remove only)
    Destinations
    DISCover
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    DVD Shrink 3.2
    Easy Internet Sign-up
    Fax
    Fax_CDA
    Folder Marker v 1.2
    FullDPAppQFolder
    Google Gmail Notifier
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB943232)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HP Boot Optimizer
    HP Deskjet Printer Preload
    HP DigitalMedia Archive
    HP Document Viewer 5.3
    HP DVD Play 1.0
    HP Game Console and games
    HP Imaging Device Functions 6.0
    HP Multimedia Keyboard Software
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Photosmart Cameras 5.0
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.0
    HP PSC & OfficeJet 5.3.A
    HP PSC & OfficeJet 5.3.B
    HP Rhapsody
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HP Web Helper
    HPProductAssistant
    HpSdpAppCoreApp
    InstantShareDevices
    J2SE Runtime Environment 5.0 Update 5
    Jasc Paint Shop Pro 8
    Jasc Paint Shop Pro 9
    Jing
    LightScribe 1.4.62.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Away Mode
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
    Microsoft Office Standard Edition 2003
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2000
    Microsoft Works
    Mozilla Firefox (3.5.2)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    muvee autoProducer 4.5
    muvee autoProducer unPlugged 1.2
    Netscape Browser (remove only)
    NewCopy
    NewCopy_CDA
    OptionalContentQFolder
    Otto
    PanoStandAlone
    PC-Doctor 5 for Windows
    PhotoGallery
    PopupVanish
    PS2
    PSP Thumbnail Handler
    PSPrinters08
    PSTAPlugin
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    QuickTime
    RandMap
    Readme
    RealPlayer
    Realtek High Definition Audio Driver
    Remove IntelliMover Demo
    Scan
    ScannerCopy
    Seagate Manager Installer
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Skins
    SkinsHP1
    Skype™ 3.6
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    SpywareBlaster 4.2
    Status
    TrayApp
    Tweak UI
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    VC 9.0 Runtime
    Weather Watcher Live
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Search 4.0
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB925766
    WinPatrol 2009
    WinRAR archiver
    WinZip
    ZoneAlarm

    ==== Event Viewer Messages From Past Week ========

    8/8/2009 8:38:02 AM, error: Dhcp [1002] - The IP address lease 65.118.102.113 for the Network Card with network address 0016EC5AF3C0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    8/11/2009 8:10:38 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    8/11/2009 8:09:33 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
    8/11/2009 2:13:23 PM, error: System Error [1003] - Error code 1000000a, parameter1 7f3fdf96, parameter2 00000002, parameter3 00000000, parameter4 804f44be.

    ==== End Of File ===========================
     
  5. 2009/08/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
  6. 2009/08/12
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    GooredFix by jpshortstuff (12.07.09)
    Log created at 12:16 on 12/08/2009 (HP_Administrator)
    Firefox version 3.5.2 (en-US)

    ========== GooredScan ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [05:28 16/07/2009]
    {B13721C7-F507-4982-B2E5-502A71474FED} [21:34 16/07/2009]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [17:46 16/07/2009]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [21:56 19/07/2009]

    -=E.O.F=-
     
  7. 2009/08/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  8. 2009/08/12
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    ComboFix 09-08-10.06 - HP_Administrator 08/12/2009 22:43.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1565 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    ADS - system32: deleted 40 bytes in 1 streams.
    ADS - WINDOWS: deleted 24 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\kb913800.exe
    c:\windows\system32\drivers\SKYNETghqtuood.sys
    c:\windows\system32\SKYNETfeqtxyyh.dll
    c:\windows\system32\SKYNETjvkilwjd.dll
    c:\windows\system32\SKYNETnofodauo.dat
    c:\windows\system32\SKYNETokvwrpfw.dat
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SKYNETwalykjsn
    -------\Legacy_SKYNETwalykjsn


    ((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
    .

    2009-08-11 19:08 . 2009-08-11 19:08 -------- d-----w- c:\windows\ServicePackFiles
    2009-08-11 18:50 . 2009-08-11 18:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol
    2009-08-11 18:50 . 2006-04-01 07:44 100 ----a-w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol\Autoexec.bat
    2009-08-11 18:50 . 2005-08-31 04:02 0 ----a-w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol\Config.sys
    2009-08-11 18:50 . 2009-08-11 18:50 -------- d-----w- c:\program files\BillP Studios
    2009-08-11 17:30 . 2009-08-11 17:30 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-08-11 17:30 . 2009-08-11 17:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
    2009-08-11 17:30 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-11 17:30 . 2009-08-11 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-11 17:30 . 2009-08-11 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-11 17:30 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-08 18:59 . 2009-08-08 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-08-08 18:55 . 2009-08-08 18:59 -------- d-----w- c:\program files\DVD Shrink
    2009-08-05 18:01 . 2009-08-05 18:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2009-08-04 14:26 . 2009-07-19 21:56 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
    2009-08-04 14:25 . 2009-07-19 21:56 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
    2009-08-04 14:25 . 2009-07-19 21:56 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
    2009-08-04 14:25 . 2009-07-19 21:56 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
    2009-08-04 14:25 . 2009-07-19 21:56 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-08-04 14:24 . 2009-07-19 21:56 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
    2009-08-04 14:24 . 2009-07-19 21:56 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
    2009-08-03 14:13 . 2009-08-03 14:13 -------- d-----w- c:\program files\Defraggler
    2009-07-28 17:40 . 2009-07-28 17:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
    2009-07-25 19:22 . 2009-07-25 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
    2009-07-25 19:15 . 2009-07-25 19:15 -------- d-----w- c:\program files\SlySoft
    2009-07-23 01:53 . 2009-07-23 01:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
    2009-07-22 23:56 . 2009-07-22 23:56 -------- d-----w- c:\windows\Sun
    2009-07-22 23:14 . 2009-07-23 00:35 -------- d-----w- c:\program files\QuickTime
    2009-07-22 23:14 . 2009-07-22 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-07-22 23:14 . 2009-07-22 23:14 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Apple
    2009-07-22 23:14 . 2009-07-22 23:14 -------- d-----w- c:\program files\Apple Software Update
    2009-07-22 23:14 . 2009-07-22 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-07-22 23:13 . 2009-07-22 23:13 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Apple Computer
    2009-07-21 12:18 . 2009-07-21 12:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WeatherWatcher
    2009-07-21 12:18 . 2009-07-21 12:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WeatherWatcherLive
    2009-07-21 12:17 . 2009-07-21 12:25 -------- d-----w- c:\program files\Weather Watcher Live
    2009-07-21 12:17 . 2004-05-27 06:32 102400 ----a-w- c:\windows\system32\unzip32.dll
    2009-07-20 17:32 . 1998-05-06 23:19 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
    2009-07-20 17:32 . 1996-10-30 14:35 32768 ----a-w- c:\windows\system32\plugin.dll
    2009-07-20 17:32 . 1998-05-06 23:19 210944 ----a-w- c:\windows\system\MSVCRT10.DLL
    2009-07-20 17:32 . 1996-10-30 14:35 32768 ----a-w- c:\windows\system\plugin.dll
    2009-07-20 13:48 . 2009-07-19 21:56 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-07-20 13:43 . 2009-02-16 05:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
    2009-07-20 13:43 . 2009-02-16 05:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
    2009-07-20 13:43 . 2009-02-16 05:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
    2009-07-20 01:46 . 2009-08-11 18:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-07-19 22:06 . 2009-07-12 06:09 -------- d--h--w- C:\$AVG8.VAULT$
    2009-07-19 21:56 . 2009-07-19 21:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-07-19 21:56 . 2009-07-19 21:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-07-19 21:56 . 2009-08-04 14:25 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-19 21:56 . 2009-07-19 21:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-07-19 21:56 . 2009-08-12 23:19 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-07-19 21:56 . 2009-07-19 21:56 -------- d-----w- c:\program files\AVG
    2009-07-19 21:56 . 2009-07-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-07-18 18:33 . 2009-07-18 18:33 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
    2009-07-18 15:59 . 2009-07-18 15:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HPQ
    2009-07-18 15:37 . 2009-07-18 15:37 -------- d--h--w- c:\windows\PIF
    2009-07-17 03:30 . 2009-08-11 06:25 271800 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-07-17 02:40 . 2001-05-26 20:16 13824 ----a-w- c:\windows\system32\LAYOUT.DLL
    2009-07-17 02:23 . 2009-07-17 02:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Microsoft Web Folders
    2009-07-17 02:10 . 2009-07-17 02:12 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Adobe
    2009-07-17 01:58 . 2003-06-25 21:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
    2009-07-17 01:05 . 2009-07-20 19:09 -------- d-----w- c:\program files\Jasc Software Inc
    2009-07-17 01:05 . 2009-07-20 19:09 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Jasc Software Inc
    2009-07-17 01:04 . 2009-07-20 03:59 -------- d-----w- c:\program files\Common Files\SWF Studio
    2009-07-16 21:47 . 2009-08-05 16:09 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\StickyNotes
    2009-07-16 21:38 . 2009-07-19 21:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
    2009-07-16 21:35 . 2009-08-11 17:29 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
    2009-07-16 21:34 . 2009-07-16 21:34 -------- d-----w- c:\program files\Skype
    2009-07-16 21:34 . 2009-07-16 21:34 -------- d-----w- c:\program files\Common Files\Skype
    2009-07-16 21:34 . 2009-07-16 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-07-16 21:33 . 2009-07-16 21:33 -------- d-----w- c:\program files\PSP Thumbnail Handler
    2009-07-16 21:29 . 2009-07-16 21:29 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\TechSmith
    2009-07-16 21:29 . 2009-07-16 21:29 -------- d-----w- c:\program files\TechSmith
    2009-07-16 21:27 . 2009-07-16 21:28 -------- d-----w- c:\program files\PopupVanish
    2009-07-16 21:26 . 2009-07-16 21:27 286720 ------w- c:\windows\Setup1.exe
    2009-07-16 21:26 . 2009-07-16 21:27 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-07-16 17:38 . 2009-07-16 17:38 -------- d-----w- c:\windows\system32\XPSViewer
    2009-07-16 17:38 . 2009-07-16 17:38 -------- d-----w- c:\program files\MSBuild
    2009-07-16 17:38 . 2009-07-16 17:38 -------- d-----w- c:\program files\Reference Assemblies
    2009-07-16 17:37 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-07-16 17:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-07-16 17:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-07-16 17:37 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-07-16 17:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-07-16 17:37 . 2009-07-16 17:38 -------- d-----w- C:\2273bba62f53eb501eeec4
    2009-07-16 17:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-07-16 17:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-07-16 14:39 . 2009-07-16 14:39 -------- d-----w- c:\program files\MSXML 4.0
    2009-07-16 14:34 . 2009-07-16 14:34 -------- d-----w- c:\program files\LSI SoftModem
    2009-07-16 14:30 . 2009-07-16 14:30 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Identities
    2009-07-16 14:30 . 2009-07-16 14:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Windows Desktop Search
    2009-07-16 14:29 . 2009-08-11 19:11 -------- d-----w- c:\program files\Windows Desktop Search
    2009-07-16 14:29 . 2009-07-16 14:29 -------- d-----w- c:\windows\system32\GroupPolicy
    2009-07-16 14:07 . 2009-02-06 17:24 2180480 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-07-16 14:07 . 2009-02-06 17:22 2136064 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-07-16 14:07 . 2009-02-06 16:49 2057728 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-07-16 14:07 . 2009-02-06 16:49 2015744 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-07-16 14:03 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-07-16 14:03 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2009-07-16 13:59 . 2006-11-13 06:02 36352 ------w- c:\windows\system32\tsgqec.dll
    2009-07-16 13:59 . 2006-11-13 06:02 288768 ------w- c:\windows\system32\rhttpaa.dll
    2009-07-16 13:59 . 2006-11-13 06:02 116736 ------w- c:\windows\system32\aaclient.dll
    2009-07-16 13:43 . 2008-10-16 19:09 43544 ----a-w- c:\windows\system32\wups2.dll
    2009-07-16 13:37 . 2009-07-16 13:37 -------- d-----w- c:\windows\B56957059A0B4FBA84AD5F44F3596082.TMP
    2009-07-16 13:37 . 2009-07-16 21:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-07-16 13:31 . 2009-07-16 13:32 -------- d-----w- c:\program files\Folder Marker
    2009-07-16 07:56 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\hidserv.dll
    2009-07-16 07:56 . 2004-08-04 05:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2009-07-16 07:55 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2009-07-16 07:55 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2009-07-16 07:55 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2009-07-16 07:55 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2009-07-16 07:34 . 2009-07-16 07:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sonic
    2009-07-16 07:33 . 2009-07-16 07:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Leadertech
    2009-07-16 07:26 . 2009-07-16 07:26 -------- d-----w- c:\program files\Seagate
    2009-07-16 07:26 . 2009-07-16 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
    2009-07-16 07:26 . 2009-07-16 07:26 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Downloaded Installations
    2009-07-16 07:26 . 2009-07-16 07:26 -------- d-----w- c:\program files\MSXML 6.0
    2009-07-16 07:25 . 2009-07-16 07:25 -------- d-sh--w- c:\windows\ftpcache
    2009-07-16 07:23 . 2009-07-16 07:23 -------- d-----w- c:\windows\Drivers
    2009-07-16 07:23 . 2002-12-24 18:52 54016 ----a-w- c:\windows\system32\drivers\ousb2hub.sys
    2009-07-16 07:23 . 2002-12-24 18:52 39040 ----a-w- c:\windows\system32\drivers\ousbehci.sys
    2009-07-16 07:21 . 2009-07-16 07:21 -------- d--h--w- C:\BJPrinter
    2009-07-16 07:21 . 2004-06-07 17:00 7680 ----a-w- c:\windows\system32\CNMVS6d.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-08 20:36 . 2009-07-16 05:01 139 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    2009-08-05 09:11 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
    2009-07-20 13:43 . 2009-07-16 06:47 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-07-17 18:55 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-17 02:49 . 2006-04-01 07:27 52040 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-17 02:23 . 2005-11-15 01:06 -------- d-----w- c:\program files\microsoft frontpage
    2009-07-16 21:38 . 2009-07-16 21:38 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
    2009-07-16 20:45 . 2006-04-01 07:06 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-16 12:28 . 2006-04-01 07:44 -------- d-----w- c:\program files\Quicken
    2009-07-16 06:57 . 2006-04-01 06:47 -------- d-----w- c:\program files\GemMaster
    2009-07-16 06:47 . 2009-07-16 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
    2009-07-16 06:47 . 2009-07-16 06:47 -------- d-----w- c:\program files\Zone Labs
    2009-07-16 05:50 . 2006-04-01 07:56 -------- d-----w- c:\program files\Google
    2009-07-16 05:44 . 2006-04-01 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-07-16 05:44 . 2006-04-01 08:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-16 05:19 . 2006-04-01 07:06 -------- d-----w- c:\program files\ATI Technologies
    2009-07-16 05:05 . 2009-07-16 05:05 1816 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX513AA-ABA A1473W_YC_0Pavi_QMXK617_E62NAemMPA1_48_IAsterope_SHewleet-Packard_V1.0_B3.11_T060410_WXP2_L409_M2048_J200_7Intel_8Pentium 4_92.8_#060922_N10EC8139_Z11C10620_G_OTSSTcorp CD DVDW TS-H652M_D.MRK
    2009-07-13 15:08 . 2004-08-10 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-25 18:36 . 2004-08-10 04:00 95744 ----a-w- c:\windows\system32\mqsec.dll
    2009-06-25 18:36 . 2004-08-10 04:00 661504 ----a-w- c:\windows\system32\mqqm.dll
    2009-06-25 18:36 . 2004-08-10 04:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
    2009-06-25 18:36 . 2004-08-10 04:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
    2009-06-25 18:36 . 2004-08-10 04:00 471552 ----a-w- c:\windows\system32\mqutil.dll
    2009-06-25 18:36 . 2004-08-10 04:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
    2009-06-25 18:36 . 2004-08-10 04:00 225280 ----a-w- c:\windows\system32\mqoa.dll
    2009-06-25 18:36 . 2004-08-10 04:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
    2009-06-25 18:36 . 2004-08-10 04:00 177152 ----a-w- c:\windows\system32\mqrt.dll
    2009-06-25 18:36 . 2004-08-10 04:00 16896 ----a-w- c:\windows\system32\mqise.dll
    2009-06-25 18:36 . 2004-08-10 04:00 138240 ----a-w- c:\windows\system32\mqad.dll
    2009-06-25 18:36 . 2004-08-10 04:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
    2009-06-25 08:44 . 2004-08-10 04:00 724480 ------w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:44 . 2004-08-10 04:00 59392 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:44 . 2004-08-10 04:00 56320 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:44 . 2004-08-10 04:00 298496 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:44 . 2004-08-10 04:00 168448 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:44 . 2004-08-10 04:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-22 11:49 . 2004-08-10 04:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
    2009-06-22 11:49 . 2004-08-10 04:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
    2009-06-22 11:49 . 2004-08-10 04:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
    2009-06-22 11:48 . 2004-08-10 04:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
    2009-06-22 11:34 . 2004-08-10 11:00 92544 ------w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:55 . 2004-08-10 04:00 82432 ------w- c:\windows\system32\fontsub.dll
    2009-06-16 14:55 . 2004-08-10 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-12 11:50 . 2004-08-10 04:00 80896 ------w- c:\windows\system32\tlntsess.exe
    2009-06-12 11:50 . 2004-08-10 11:00 76288 ------w- c:\windows\system32\telnet.exe
    2009-06-10 14:21 . 2004-08-10 04:00 84992 ------w- c:\windows\system32\avifil32.dll
    2009-06-10 06:32 . 2004-08-10 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-09 15:06 . 2004-08-10 04:00 1871872 ------w- c:\windows\system32\mstscax.dll
    2009-06-03 19:24 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
    2009-05-25 05:24 . 2008-05-27 03:18 350208 ------w- c:\windows\system32\mssph.dll
    2006-09-25 06:57 . 2009-07-16 06:52 22 --sha-w- c:\windows\SMINST\HPCD.SYS
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PopupVanish "= "c:\program files\PopupVanish\PopupVanish.exe" [2002-11-22 69632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DISCover "= "c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
    "DiscUpdateManager "= "c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
    "DMAScheduler "= "c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
    "Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "MaxMenuMgr "= "c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-19 1948440]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
    "AlwaysReady Power Message APP "= "ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
    "RTHDCPL "= "RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-03 18085888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-4-1 36903]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-19 21:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\DISC\\DISCover.exe "=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe "=
    "c:\\Program Files\\DISC\\myFTP.exe "=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/19/2009 4:56 PM 335752]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/19/2009 4:56 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/19/2009 4:56 PM 298776]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 4:31 PM 161064]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-PCDrProfiler - (no file)
    HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Trusted Zone: trymedia.com
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\kip7p0bi.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-12 22:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-08-13 22:51
    ComboFix-quarantined-files.txt 2009-08-13 03:51

    Pre-Run: 166,712,197,120 bytes free
    Post-Run: 166,934,130,688 bytes free

    367
    ------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:53:48 PM, on 8/12/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\WINDOWS\arservice.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
    O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
    O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe "
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKCU\..\Run: [PopupVanish] C:\Program Files\PopupVanish\PopupVanish.exe
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247751802640
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7915 bytes
     
  9. 2009/08/12
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    After I ran Combofix and restarted my computer, this popped up. I am so gun-shy now that I am scared to click Yes to anything, so what is this?

    "A change has been detected in your Internet Explorer Search Page. Your new page is http://www.microsoft.com/isapi/redir.dll?prd=ie&ar-iesearch

    If this is okay,then click Yes or press enter,
    Click no or press esc and we'll restore your page to
    http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop. "

    That box popped up from WinPatrol, but I don't really know what it means, so I am afraid to click Yes or No.

    What does it mean and which should I click?
     
  10. 2009/08/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to "Show hidden files and folders".
    Upload the following file to http://www.virustotal.com/ for a security check:
    103C_HP_CPC_EX513AA-ABA A1473W_YC_0Pavi_QMXK617_E62NAemMPA1_48_IAsterope_SHewleet-Packard_V1.0_B3.11_T060410_WXP2_L409_M2048_J200_7Intel_8Pentium 4_92.8_#060922_N10EC8139_Z11C10620_G_OTSSTcorp CD DVDW TS-H652M_D.MRK located in c:\windows\system32\drivers
    Post the scan results.



    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Setup1.exe
    c:\windows\B56957059A0B4FBA84AD5F44F3596082.TMP
    c:\windows\system32\CNMVS6d.DLL
    
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  11. 2009/08/12
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    OK, I am sorry, but I am lost right off the bat. I am in the Windows\system32\drivers folder and I can't even see anything that starts with 103.

    I am not that computer-literate when it comes to system folders.

    Also, will I need to undo my antivirus again to run ComboFix again?
     
  12. 2009/08/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes.

    Run the Combofix script first. When done, post a fresh Combofix log, and then....


    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :dir
      c:\windows\system32\drivers
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt
     
  13. 2009/08/13
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    ComboFix 09-08-10.06 - HP_Administrator 08/13/2009 0:11.2.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1457 [GMT -5:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
    .

    2009-08-13 03:53 . 2009-08-13 03:53 -------- d-----w- c:\program files\Trend Micro
    2009-08-11 19:08 . 2009-08-11 19:08 -------- d-----w- c:\windows\ServicePackFiles
    2009-08-11 18:50 . 2009-08-11 18:50 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol
    2009-08-11 18:50 . 2006-04-01 07:44 100 ----a-w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol\Autoexec.bat
    2009-08-11 18:50 . 2005-08-31 04:02 0 ----a-w- c:\documents and settings\HP_Administrator\Application Data\WinPatrol\Config.sys
    2009-08-11 17:30 . 2009-08-11 17:30 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-08-11 17:30 . 2009-08-11 17:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
    2009-08-11 17:30 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-11 17:30 . 2009-08-11 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-08-11 17:30 . 2009-08-11 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-11 17:30 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-08 18:59 . 2009-08-08 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-08-08 18:55 . 2009-08-08 18:59 -------- d-----w- c:\program files\DVD Shrink
    2009-08-05 18:01 . 2009-08-05 18:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2009-08-04 14:26 . 2009-07-19 21:56 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
    2009-08-04 14:25 . 2009-07-19 21:56 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
    2009-08-04 14:25 . 2009-07-19 21:56 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
    2009-08-04 14:25 . 2009-07-19 21:56 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
    2009-08-04 14:25 . 2009-07-19 21:56 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
    2009-08-04 14:24 . 2009-07-19 21:56 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
    2009-08-04 14:24 . 2009-07-19 21:56 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
    2009-08-03 14:13 . 2009-08-03 14:13 -------- d-----w- c:\program files\Defraggler
    2009-07-28 17:40 . 2009-07-28 17:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
    2009-07-25 19:22 . 2009-07-25 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
    2009-07-25 19:15 . 2009-07-25 19:15 -------- d-----w- c:\program files\SlySoft
    2009-07-23 01:53 . 2009-07-23 01:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
    2009-07-22 23:56 . 2009-07-22 23:56 -------- d-----w- c:\windows\Sun
    2009-07-22 23:14 . 2009-07-23 00:35 -------- d-----w- c:\program files\QuickTime
    2009-07-22 23:14 . 2009-07-22 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-07-22 23:14 . 2009-07-22 23:14 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Apple
    2009-07-22 23:14 . 2009-07-22 23:14 -------- d-----w- c:\program files\Apple Software Update
    2009-07-22 23:14 . 2009-07-22 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-07-22 23:13 . 2009-07-22 23:13 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Apple Computer
    2009-07-21 12:18 . 2009-07-21 12:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WeatherWatcher
    2009-07-21 12:18 . 2009-07-21 12:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\WeatherWatcherLive
    2009-07-21 12:17 . 2009-07-21 12:25 -------- d-----w- c:\program files\Weather Watcher Live
    2009-07-21 12:17 . 2004-05-27 06:32 102400 ----a-w- c:\windows\system32\unzip32.dll
    2009-07-20 17:32 . 1998-05-06 23:19 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
    2009-07-20 17:32 . 1996-10-30 14:35 32768 ----a-w- c:\windows\system32\plugin.dll
    2009-07-20 17:32 . 1998-05-06 23:19 210944 ----a-w- c:\windows\system\MSVCRT10.DLL
    2009-07-20 17:32 . 1996-10-30 14:35 32768 ----a-w- c:\windows\system\plugin.dll
    2009-07-20 13:48 . 2009-07-19 21:56 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-07-20 13:43 . 2009-02-16 05:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
    2009-07-20 13:43 . 2009-02-16 05:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
    2009-07-20 13:43 . 2009-02-16 05:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
    2009-07-20 01:46 . 2009-08-11 18:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-07-19 22:06 . 2009-07-12 06:09 -------- d--h--w- C:\$AVG8.VAULT$
    2009-07-19 21:56 . 2009-07-19 21:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-07-19 21:56 . 2009-07-19 21:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-07-19 21:56 . 2009-08-04 14:25 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-19 21:56 . 2009-07-19 21:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-07-19 21:56 . 2009-08-12 23:19 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-07-19 21:56 . 2009-07-19 21:56 -------- d-----w- c:\program files\AVG
    2009-07-19 21:56 . 2009-07-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-07-18 18:33 . 2009-07-18 18:33 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
    2009-07-18 15:59 . 2009-07-18 15:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HPQ
    2009-07-18 15:37 . 2009-07-18 15:37 -------- d--h--w- c:\windows\PIF
    2009-07-17 03:30 . 2009-08-13 05:15 271800 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-07-17 02:40 . 2001-05-26 20:16 13824 ----a-w- c:\windows\system32\LAYOUT.DLL
    2009-07-17 02:23 . 2009-07-17 02:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Microsoft Web Folders
    2009-07-17 02:10 . 2009-07-17 02:12 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Adobe
    2009-07-17 01:58 . 2003-06-25 21:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
    2009-07-17 01:05 . 2009-07-20 19:09 -------- d-----w- c:\program files\Jasc Software Inc
    2009-07-17 01:05 . 2009-07-20 19:09 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Jasc Software Inc
    2009-07-17 01:04 . 2009-07-20 03:59 -------- d-----w- c:\program files\Common Files\SWF Studio
    2009-07-16 21:47 . 2009-08-05 16:09 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\StickyNotes
    2009-07-16 21:38 . 2009-07-19 21:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\skypePM
    2009-07-16 21:35 . 2009-08-11 17:29 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skype
    2009-07-16 21:34 . 2009-07-16 21:34 -------- d-----w- c:\program files\Skype
    2009-07-16 21:34 . 2009-07-16 21:34 -------- d-----w- c:\program files\Common Files\Skype
    2009-07-16 21:34 . 2009-07-16 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2009-07-16 21:33 . 2009-07-16 21:33 -------- d-----w- c:\program files\PSP Thumbnail Handler
    2009-07-16 21:29 . 2009-07-16 21:29 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\TechSmith
    2009-07-16 21:29 . 2009-07-16 21:29 -------- d-----w- c:\program files\TechSmith
    2009-07-16 21:27 . 2009-07-16 21:28 -------- d-----w- c:\program files\PopupVanish
    2009-07-16 21:26 . 2009-07-16 21:27 286720 ------w- c:\windows\Setup1.exe
    2009-07-16 21:26 . 2009-07-16 21:27 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-07-16 17:38 . 2009-07-16 17:38 -------- d-----w- c:\windows\system32\XPSViewer
    2009-07-16 17:38 . 2009-07-16 17:38 -------- d-----w- c:\program files\MSBuild
    2009-07-16 17:38 . 2009-07-16 17:38 -------- d-----w- c:\program files\Reference Assemblies
    2009-07-16 17:37 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-07-16 17:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-07-16 17:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-07-16 17:37 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-07-16 17:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-07-16 17:37 . 2009-07-16 17:38 -------- d-----w- C:\2273bba62f53eb501eeec4
    2009-07-16 17:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-07-16 17:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-07-16 14:39 . 2009-07-16 14:39 -------- d-----w- c:\program files\MSXML 4.0
    2009-07-16 14:34 . 2009-07-16 14:34 -------- d-----w- c:\program files\LSI SoftModem
    2009-07-16 14:30 . 2009-07-16 14:30 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Identities
    2009-07-16 14:30 . 2009-07-16 14:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Windows Desktop Search
    2009-07-16 14:29 . 2009-08-11 19:11 -------- d-----w- c:\program files\Windows Desktop Search
    2009-07-16 14:29 . 2009-07-16 14:29 -------- d-----w- c:\windows\system32\GroupPolicy
    2009-07-16 14:07 . 2009-02-06 17:24 2180480 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-07-16 14:07 . 2009-02-06 17:22 2136064 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-07-16 14:07 . 2009-02-06 16:49 2057728 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-07-16 14:07 . 2009-02-06 16:49 2015744 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-07-16 14:03 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-07-16 14:03 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
    2009-07-16 13:59 . 2006-11-13 06:02 36352 ------w- c:\windows\system32\tsgqec.dll
    2009-07-16 13:59 . 2006-11-13 06:02 288768 ------w- c:\windows\system32\rhttpaa.dll
    2009-07-16 13:59 . 2006-11-13 06:02 116736 ------w- c:\windows\system32\aaclient.dll
    2009-07-16 13:43 . 2008-10-16 19:09 43544 ----a-w- c:\windows\system32\wups2.dll
    2009-07-16 13:37 . 2009-07-16 13:37 -------- d-----w- c:\windows\B56957059A0B4FBA84AD5F44F3596082.TMP
    2009-07-16 13:37 . 2009-07-16 21:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-07-16 13:31 . 2009-07-16 13:32 -------- d-----w- c:\program files\Folder Marker
    2009-07-16 07:56 . 2004-08-04 07:56 21504 ----a-w- c:\windows\system32\hidserv.dll
    2009-07-16 07:56 . 2004-08-04 05:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2009-07-16 07:55 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2009-07-16 07:55 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2009-07-16 07:55 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2009-07-16 07:55 . 2004-08-04 06:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2009-07-16 07:34 . 2009-07-16 07:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Sonic
    2009-07-16 07:33 . 2009-07-16 07:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Leadertech
    2009-07-16 07:26 . 2009-07-16 07:26 -------- d-----w- c:\program files\Seagate
    2009-07-16 07:26 . 2009-07-16 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
    2009-07-16 07:26 . 2009-07-16 07:26 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Downloaded Installations
    2009-07-16 07:26 . 2009-07-16 07:26 -------- d-----w- c:\program files\MSXML 6.0
    2009-07-16 07:25 . 2009-07-16 07:25 -------- d-sh--w- c:\windows\ftpcache
    2009-07-16 07:23 . 2009-07-16 07:23 -------- d-----w- c:\windows\Drivers
    2009-07-16 07:23 . 2002-12-24 18:52 54016 ----a-w- c:\windows\system32\drivers\ousb2hub.sys
    2009-07-16 07:23 . 2002-12-24 18:52 39040 ----a-w- c:\windows\system32\drivers\ousbehci.sys
    2009-07-16 07:21 . 2009-07-16 07:21 -------- d--h--w- C:\BJPrinter
    2009-07-16 07:21 . 2004-06-07 17:00 7680 ----a-w- c:\windows\system32\CNMVS6d.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-08 20:36 . 2009-07-16 05:01 139 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
    2009-08-05 09:11 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
    2009-07-20 13:43 . 2009-07-16 06:47 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-07-17 18:55 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-17 02:49 . 2006-04-01 07:27 52040 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-07-17 02:23 . 2005-11-15 01:06 -------- d-----w- c:\program files\microsoft frontpage
    2009-07-16 21:38 . 2009-07-16 21:38 32 ----a-w- c:\documents and settings\All Users\Application Data\ezsid.dat
    2009-07-16 20:45 . 2006-04-01 07:06 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-16 12:28 . 2006-04-01 07:44 -------- d-----w- c:\program files\Quicken
    2009-07-16 06:57 . 2006-04-01 06:47 -------- d-----w- c:\program files\GemMaster
    2009-07-16 06:47 . 2009-07-16 06:47 -------- d-----w- c:\documents and settings\All Users\Application Data\MailFrontier
    2009-07-16 06:47 . 2009-07-16 06:47 -------- d-----w- c:\program files\Zone Labs
    2009-07-16 05:50 . 2006-04-01 07:56 -------- d-----w- c:\program files\Google
    2009-07-16 05:44 . 2006-04-01 08:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2009-07-16 05:44 . 2006-04-01 08:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-07-16 05:19 . 2006-04-01 07:06 -------- d-----w- c:\program files\ATI Technologies
    2009-07-16 05:05 . 2009-07-16 05:05 1816 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_EX513AA-ABA A1473W_YC_0Pavi_QMXK617_E62NAemMPA1_48_IAsterope_SHewleet-Packard_V1.0_B3.11_T060410_WXP2_L409_M2048_J200_7Intel_8Pentium 4_92.8_#060922_N10EC8139_Z11C10620_G_OTSSTcorp CD DVDW TS-H652M_D.MRK
    2009-07-13 15:08 . 2004-08-10 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-06-25 18:36 . 2004-08-10 04:00 95744 ----a-w- c:\windows\system32\mqsec.dll
    2009-06-25 18:36 . 2004-08-10 04:00 661504 ----a-w- c:\windows\system32\mqqm.dll
    2009-06-25 18:36 . 2004-08-10 04:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
    2009-06-25 18:36 . 2004-08-10 04:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
    2009-06-25 18:36 . 2004-08-10 04:00 471552 ----a-w- c:\windows\system32\mqutil.dll
    2009-06-25 18:36 . 2004-08-10 04:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
    2009-06-25 18:36 . 2004-08-10 04:00 225280 ----a-w- c:\windows\system32\mqoa.dll
    2009-06-25 18:36 . 2004-08-10 04:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
    2009-06-25 18:36 . 2004-08-10 04:00 177152 ----a-w- c:\windows\system32\mqrt.dll
    2009-06-25 18:36 . 2004-08-10 04:00 16896 ----a-w- c:\windows\system32\mqise.dll
    2009-06-25 18:36 . 2004-08-10 04:00 138240 ----a-w- c:\windows\system32\mqad.dll
    2009-06-25 18:36 . 2004-08-10 04:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
    2009-06-25 08:44 . 2004-08-10 04:00 724480 ------w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:44 . 2004-08-10 04:00 59392 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:44 . 2004-08-10 04:00 56320 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:44 . 2004-08-10 04:00 298496 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:44 . 2004-08-10 04:00 168448 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:44 . 2004-08-10 04:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-22 11:49 . 2004-08-10 04:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
    2009-06-22 11:49 . 2004-08-10 04:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
    2009-06-22 11:49 . 2004-08-10 04:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
    2009-06-22 11:48 . 2004-08-10 04:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
    2009-06-22 11:34 . 2004-08-10 11:00 92544 ------w- c:\windows\system32\drivers\ksecdd.sys
    2009-06-16 14:55 . 2004-08-10 04:00 82432 ------w- c:\windows\system32\fontsub.dll
    2009-06-16 14:55 . 2004-08-10 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-12 11:50 . 2004-08-10 04:00 80896 ------w- c:\windows\system32\tlntsess.exe
    2009-06-12 11:50 . 2004-08-10 11:00 76288 ------w- c:\windows\system32\telnet.exe
    2009-06-10 14:21 . 2004-08-10 04:00 84992 ------w- c:\windows\system32\avifil32.dll
    2009-06-10 06:32 . 2004-08-10 04:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-09 15:06 . 2004-08-10 04:00 1871872 ------w- c:\windows\system32\mstscax.dll
    2009-06-03 19:24 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
    2009-05-25 05:24 . 2008-05-27 03:18 350208 ------w- c:\windows\system32\mssph.dll
    2006-09-25 06:57 . 2009-07-16 06:52 22 --sha-w- c:\windows\SMINST\HPCD.SYS
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PopupVanish "= "c:\program files\PopupVanish\PopupVanish.exe" [2002-11-22 69632]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "HPHUPD08 "= "c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
    "DISCover "= "c:\program files\DISC\DISCover.exe" [2005-11-12 1064960]
    "DiscUpdateManager "= "c:\program files\DISC\DiscUpdateMgr.exe" [2005-11-12 61440]
    "DMAScheduler "= "c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 90112]
    "Recguard "= "c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "HPBootOp "= "c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "MaxMenuMgr "= "c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-19 1948440]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "AlwaysReady Power Message APP "= "ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
    "RTHDCPL "= "RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-03 18085888]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-4-1 36903]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-19 21:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\DISC\\DISCover.exe "=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe "=
    "c:\\Program Files\\DISC\\myFTP.exe "=
    "c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/19/2009 4:56 PM 335752]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/19/2009 4:56 PM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/19/2009 4:56 PM 298776]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 4:31 PM 161064]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
    Trusted Zone: trymedia.com
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\kip7p0bi.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
    FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-13 00:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(2648)
    c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    c:\windows\system32\shdoclc.dll
    c:\windows\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ZoneLabs\vsmon.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\LSI SoftModem\agrsmsvc.exe
    c:\windows\arservice.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\AVG\AVG8\avgtray.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\windows\system32\searchindexer.exe
    c:\windows\ehome\ehmsas.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\dllhost.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-13 0:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-13 05:23
    ComboFix2.txt 2009-08-13 03:51

    Pre-Run: 166,924,984,320 bytes free
    Post-Run: 166,886,248,448 bytes free

    383
     
  14. 2009/08/13
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    SystemLook v1.0 by jpshortstuff (22.05.09)
    Log created at 00:37 on 13/08/2009 by HP_Administrator (Administrator - Elevation successful)

    ========== dir ==========

    c:\windows\system32\drivers - Parameters: "(none) "

    ---Files---
    103C_HP_CPC_EX513AA-ABA A1473W_YC_0Pavi_QMXK617_E62NAemMPA1_48_IAsterope_SHewleet-Packard_V1.0_B3.11_T060410_WXP2_L409_M2048_J200_7Intel_8Pentium 4_92.8_#060922_N10EC8139_Z11C10620_G_OTSSTcorp CD DVDW TS-H652M_D.MRK -rahs- 1816 bytes [05:05 16/07/2009] [05:05 16/07/2009]
    1394bus.sys ------ 53248 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    acpi.sys ------ 187776 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    acpiec.sys ------ 11648 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    aec.sys --a--- 142464 bytes [07:10 01/04/2006] [00:22 15/02/2006]
    afd.sys ------ 138368 bytes [04:00 10/08/2004] [09:51 14/08/2008]
    AGRSM.sys --a--- 1204128 bytes [07:07 01/04/2006] [01:43 30/10/2008]
    amdk6.sys ------ 36992 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    amdk7.sys ------ 37376 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    AnyDVD.sys --a--- 104512 bytes [18:01 05/08/2009] [18:01 05/08/2009]
    aracpi.sys ------ 22784 bytes [07:19 03/08/2005] [07:19 03/08/2005]
    arhidfltr.sys ------ 19200 bytes [07:19 03/08/2005] [07:19 03/08/2005]
    arkbcfltr.sys ------ 5376 bytes [07:19 03/08/2005] [07:19 03/08/2005]
    armoucfltr.sys ------ 4992 bytes [07:19 03/08/2005] [07:19 03/08/2005]
    arp1394.sys ------ 60800 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    arpolicy.sys ------ 10112 bytes [07:19 03/08/2005] [07:19 03/08/2005]
    asyncmac.sys ------ 14336 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    atapi.sys --a--- 95360 bytes [04:00 10/08/2004] [13:59 04/08/2004]
    ati2erec.dll --a--- 49152 bytes [07:06 01/04/2006] [01:15 27/06/2007]
    ati2mtag.sys --a--- 2303488 bytes [07:06 01/04/2006] [01:58 27/06/2007]
    ativcaxx.cpa -ra--- 1311202 bytes [07:06 01/04/2006] [12:19 18/04/2007]
    ativcaxx.vp -ra--- 929 bytes [07:06 01/04/2006] [12:19 18/04/2007]
    ativckxx.vp -ra--- 2096 bytes [07:06 01/04/2006] [21:26 23/08/2006]
    ativdkxx.vp -ra--- 2096 bytes [05:07 16/07/2009] [12:19 18/04/2007]
    ativvpxx.vp -ra--- 44240 bytes [07:06 01/04/2006] [02:27 27/06/2007]
    atmarpc.sys ------ 59904 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    atmepvc.sys ------ 31360 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    atmlane.sys ------ 55936 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    atmuni.sys ------ 352256 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    audstub.sys ------ 3072 bytes [12:59 17/08/2001] [12:59 17/08/2001]
    avgldx86.sys --a--- 335752 bytes [21:56 19/07/2009] [14:25 04/08/2009]
    avgmfx86.sys --a--- 27784 bytes [21:56 19/07/2009] [21:56 19/07/2009]
    avgtdix.sys --a--- 108552 bytes [21:56 19/07/2009] [21:56 19/07/2009]
    bb-run.sys ------ 17408 bytes [14:45 05/11/2003] [14:45 05/11/2003]
    beep.sys ------ 4224 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    bridge.sys ------ 71552 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    bthport.sys ------ 272128 bytes [14:03 16/07/2009] [13:10 13/06/2008]
    cbidf2k.sys ------ 13952 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    cdaudio.sys ------ 18688 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    cdfs.sys ------ 63744 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    cdrom.sys ------ 49536 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    cinemst2.sys ------ 262528 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    classpnp.sys ------ 49664 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    cpqdap01.sys ------ 11776 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    crusoe.sys ------ 36480 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    disk.sys ------ 36352 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    diskdump.sys ------ 14208 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    dmboot.sys ------ 799744 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    dmio.sys ------ 153344 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    dmload.sys ------ 5888 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    DMusic.sys --a--- 52864 bytes [07:10 01/04/2006] [14:07 04/08/2004]
    drmk.sys --a--- 60288 bytes [07:09 01/04/2006] [04:08 04/08/2004]
    drmkaud.sys --a--- 2944 bytes [07:10 01/04/2006] [14:07 04/08/2004]
    dxapi.sys ------ 10496 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    dxg.sys ------ 71040 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    dxgthk.sys ------ 3328 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ElbyCDIO.sys --a--- 24232 bytes [17:11 17/02/2009] [17:11 17/02/2009]
    enum1394.sys ------ 6400 bytes [12:46 17/08/2001] [12:46 17/08/2001]
    fastfat.sys ------ 143360 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    fdc.sys ------ 27392 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    fips.sys ------ 34944 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    flpydisk.sys ------ 20480 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    fltmgr.sys ------ 128896 bytes [04:00 10/08/2004] [09:14 21/08/2006]
    fsvga.sys ------ 12160 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    fs_rec.sys ------ 7936 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ftdisk.sys ------ 125056 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ftsata2.sys ------ 175104 bytes [00:03 30/06/2005] [00:03 30/06/2005]
    gm.dls ------ 3440660 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    gmreadme.txt ------ 646 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    Hdaudbus.sys ------ 138752 bytes [08:07 08/01/2005] [08:07 08/01/2005]
    Hdaudio.sys ------ 145920 bytes [08:07 08/01/2005] [08:07 08/01/2005]
    hidclass.sys ------ 36224 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    hidir.sys ------ 19200 bytes [06:48 01/04/2006] [00:48 11/01/2006]
    hidparse.sys ------ 24960 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    hidusb.sys --a--- 9600 bytes [07:55 16/07/2009] [21:02 17/08/2001]
    http.sys ------ 262784 bytes [04:00 10/08/2004] [00:33 17/03/2006]
    i8042prt.sys --a--- 52736 bytes [04:00 10/08/2004] [14:14 04/08/2004]
    iaStor.sys ------ 872064 bytes [13:33 17/06/2005] [13:33 17/06/2005]
    imapi.sys ------ 41856 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    intelide.sys --a--- 5504 bytes [08:15 01/04/2006] [13:59 04/08/2004]
    intelppm.sys --a--- 36096 bytes [06:44 01/04/2006] [13:59 04/08/2004]
    ip6fw.sys ------ 29056 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ipfltdrv.sys ------ 32896 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ipinip.sys ------ 20992 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ipnat.sys ------ 134912 bytes [04:00 10/08/2004] [22:28 29/09/2004]
    ipsec.sys ------ 74752 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    irbus.sys ------ 46592 bytes [06:48 01/04/2006] [00:48 11/01/2006]
    irenum.sys ------ 11264 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    isapnp.sys ------ 35840 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    kbdclass.sys --a--- 24576 bytes [04:00 10/08/2004] [13:58 04/08/2004]
    kbdhid.sys --a--- 14848 bytes [07:56 16/07/2009] [05:58 04/08/2004]
    kmixer.sys --a--- 172416 bytes [07:10 01/04/2006] [08:47 14/06/2006]
    ks.sys --a--- 140928 bytes [11:00 10/08/2004] [04:15 04/08/2004]
    ksecdd.sys ------ 92544 bytes [11:00 10/08/2004] [11:34 22/06/2009]
    LHidKE.Sys --a--- 26112 bytes [07:17 16/07/2009] [04:41 23/07/2005]
    LHidUsbK.sys --a--- 36608 bytes [07:17 16/07/2009] [04:41 23/07/2005]
    mbam.sys --a--- 19096 bytes [17:30 11/08/2009] [18:36 03/08/2009]
    mbamswissarmy.sys --a--- 38160 bytes [17:30 11/08/2009] [18:36 03/08/2009]
    mcd.sys ------ 7680 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    mf.sys ------ 63744 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    mhndrv.sys ------ 11008 bytes [09:45 10/08/2004] [09:45 10/08/2004]
    mnmdd.sys ------ 4224 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    modem.sys ------ 30080 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    mouclass.sys --a--- 23040 bytes [11:00 10/08/2004] [03:58 04/08/2004]
    mouhid.sys --a--- 12160 bytes [07:55 16/07/2009] [18:48 17/08/2001]
    mountmgr.sys ------ 42240 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    mqac.sys --a--- 91776 bytes [04:00 10/08/2004] [11:48 22/06/2009]
    mrxdav.sys ------ 179584 bytes [04:00 10/08/2004] [09:51 18/12/2007]
    mrxsmb.sys ------ 453632 bytes [04:00 10/08/2004] [11:10 24/10/2008]
    msfs.sys ------ 19072 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    msgpc.sys ------ 35072 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    MSKSSRV.sys --a--- 7552 bytes [07:10 01/04/2006] [13:58 04/08/2004]
    MSPCLOCK.sys --a--- 5376 bytes [07:10 01/04/2006] [13:58 04/08/2004]
    MSPQM.sys --a--- 4992 bytes [07:10 01/04/2006] [13:58 04/08/2004]
    mssmbios.sys ------ 15488 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    mup.sys ------ 107904 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ndis.sys ------ 182912 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ndistapi.sys ------ 9600 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ndisuio.sys ------ 14592 bytes [11:00 10/08/2004] [08:52 21/06/2005]
    ndiswan.sys ------ 91776 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ndproxy.sys ------ 38016 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    netbios.sys ------ 34560 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    netbt.sys ------ 162816 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    nic1394.sys ------ 61824 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    nikedrv.sys ------ 12032 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    nmnt.sys ------ 40320 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    npfs.sys ------ 30848 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ntfs.sys ------ 574464 bytes [11:00 10/08/2004] [11:10 09/02/2007]
    null.sys ------ 2944 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    nwlnkflt.sys ------ 12416 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    nwlnkfwd.sys ------ 32512 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    nwlnkipx.sys ------ 88448 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    nwlnknb.sys ------ 63232 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    nwlnkspx.sys ------ 55936 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    nwrdr.sys ------ 163584 bytes [04:00 10/08/2004] [10:23 13/10/2006]
    ohci1394.sys ------ 61056 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    oprghdlr.sys ------ 3456 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ousb2hub.sys --a--- 54016 bytes [07:23 16/07/2009] [18:52 24/12/2002]
    ousbehci.sys --a--- 39040 bytes [07:23 16/07/2009] [18:52 24/12/2002]
    p3.sys ------ 42496 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    parport.sys ------ 80128 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    partmgr.sys ------ 18688 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    parvdm.sys ------ 6784 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    pcdrndisuio.sys --a--- 13440 bytes [07:51 01/04/2006] [02:58 19/11/2005]
    pci.sys ------ 68224 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    pciide.sys --a--- 3328 bytes [04:00 10/08/2004] [04:51 18/08/2001]
    pciidex.sys --a--- 25088 bytes [04:00 10/08/2004] [13:59 04/08/2004]
    pcmcia.sys ------ 119936 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    portcls.sys --a--- 136960 bytes [01:58 17/03/2004] [01:58 17/03/2004]
    processr.sys ------ 35328 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    PS2.sys --a--- 19072 bytes [07:24 01/04/2006] [23:27 12/12/2005]
    psched.sys ------ 69120 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    ptilink.sys ------ 17792 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    pxhelp20.sys --a--- 20640 bytes [17:03 25/04/2005] [17:03 25/04/2005]
    rasacd.sys ------ 8832 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    rasl2tp.sys ------ 51328 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    raspppoe.sys ------ 41472 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    raspptp.sys ------ 48384 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    raspti.sys ------ 16512 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    rawwan.sys ------ 34432 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    rdbss.sys ------ 174592 bytes [04:00 10/08/2004] [09:47 05/05/2006]
    rdpcdd.sys ------ 4224 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    rdpdr.sys ------ 196864 bytes [05:01 04/08/2004] [05:01 04/08/2004]
    rdpwd.sys ------ 139528 bytes [04:00 10/08/2004] [04:09 10/06/2005]
    redbook.sys ------ 57472 bytes [21:59 03/08/2004] [21:59 03/08/2004]
    RegKill.sys --a--- 11984 bytes [00:56 16/02/2007] [00:56 16/02/2007]
    rio8drv.sys ------ 12032 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    riodrv.sys ------ 12032 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    rmcast.sys ------ 202752 bytes [04:00 10/08/2004] [12:28 08/05/2008]
    rndismp.sys ------ 30080 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    rootmdm.sys ------ 5888 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    RtkHDAud.sys --a--- 5028352 bytes [07:07 01/04/2006] [17:40 11/02/2009]
    RTL8139.sys ------ 20992 bytes [21:31 03/08/2004] [21:31 03/08/2004]
    Rtnicxp.sys --a--- 130432 bytes [07:07 01/04/2006] [11:29 25/03/2009]
    scsiport.sys ------ 96256 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    sdbus.sys ------ 67584 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    secdrv.sys ------ 20480 bytes [04:00 10/08/2004] [10:25 13/11/2007]
    serenum.sys ------ 15488 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    serial.sys ------ 64896 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    sffdisk.sys ------ 11136 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    sffp_sd.sys ------ 10240 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    sfloppy.sys ------ 11392 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    smclib.sys ------ 14592 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    sonydcam.sys ------ 25472 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    splitter.sys --a--- 6400 bytes [07:10 01/04/2006] [08:47 14/06/2006]
    sr.sys ------ 73472 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    srv.sys ------ 333184 bytes [04:00 10/08/2004] [11:57 11/12/2008]
    stream.sys --a--- 48640 bytes [11:00 10/08/2004] [04:08 04/08/2004]
    swenum.sys ------ 4352 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    swmidi.sys --a--- 54272 bytes [07:10 01/04/2006] [05:00 18/08/2001]
    sysaudio.sys --a--- 60800 bytes [07:10 01/04/2006] [14:15 04/08/2004]
    tape.sys ------ 14976 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    tcpip.sys ------ 360320 bytes [04:00 10/08/2004] [10:45 20/06/2008]
    tcpip6.sys ------ 225920 bytes [04:00 10/08/2004] [09:52 20/06/2008]
    tdi.sys ------ 18560 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    tdpipe.sys ------ 12040 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    tdtcp.sys ------ 21896 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    termdd.sys ------ 40840 bytes [07:01 04/08/2004] [07:01 04/08/2004]
    tosdvd.sys ------ 51712 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    tsbvcap.sys ------ 21376 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    tunmp.sys ------ 12416 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    udfs.sys ------ 66176 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    update.sys ------ 364160 bytes [04:00 10/08/2004] [10:32 23/04/2007]
    usb8023.sys ------ 12672 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    usbcamd.sys ------ 23808 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    usbcamd2.sys ------ 23936 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    usbccgp.sys --a--- 31616 bytes [07:55 16/07/2009] [06:08 04/08/2004]
    usbd.sys ------ 4736 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    usbehci.sys ------ 27008 bytes [04:00 10/08/2004] [08:13 31/03/2005]
    usbhub.sys ------ 57600 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    usbintel.sys ------ 16000 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    USBkey.sys --a--- 28848 bytes [07:51 01/04/2006] [02:51 19/11/2005]
    usbohci.sys --a--- 17024 bytes [06:41 01/04/2006] [14:08 04/08/2004]
    usbport.sys ------ 142976 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    usbprint.sys --a--- 25856 bytes [07:20 16/07/2009] [04:01 04/08/2004]
    usbscan.sys --a--- 15104 bytes [07:14 16/07/2009] [03:58 04/08/2004]
    usbstor.sys ------ 26496 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    usbuhci.sys ------ 20480 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    vdmindvd.sys ------ 58112 bytes [11:00 10/08/2004] [11:00 10/08/2004]
    vga.sys ------ 20992 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    viaide.sys --a--- 5376 bytes [08:15 01/04/2006] [13:59 04/08/2004]
    videoprt.sys ------ 79744 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    volsnap.sys ------ 52352 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    wanarp.sys ------ 34560 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    wdmaud.sys --a--- 82944 bytes [07:10 01/04/2006] [09:00 14/06/2006]
    wmilib.sys ------ 4352 bytes [04:00 10/08/2004] [04:00 10/08/2004]
    wpdusb.sys --a--- 18944 bytes [04:00 10/08/2004] [12:33 03/03/2006]
    ws2ifsl.sys ------ 12032 bytes [04:00 10/08/2004] [04:00 10/08/2004]

    ---Folders---
    Avg d----- [21:56 19/07/2009]
    disdn d----- [22:59 11/11/2005]
    etc d----- [02:12 15/11/2005]

    -=End Of File=-
     
  15. 2009/08/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    The very file listed is the file I'm talking about.
    It's listed as a system file, so to see it, you have to enable system files view.
    Open Windows Explorer, go Tools>Folder options>View tab, and UN-check Hide protected operating system files.
    Restart Windows Explorer.
    Upload the file to VirusTotal.
    Undo system files view afterwards.
     
  16. 2009/08/13
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    Okay I went into folder options and I have both "Display the contents of system folders and Show hidden files and folders" and I still cannot find that file in C:\Windows\system32\drivers

    My list starts out with 1394 bus then
    acpi
    acpiec etc etc no 103C
     
  17. 2009/08/13
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    Never mind... stupid me, I just reread what you said, found it, and am waiting for the outcome.
     
  18. 2009/08/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did you restart Windows Explorer?
     
  19. 2009/08/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Oh, I didn't see your last reply :)
     
  20. 2009/08/13
    Karenb

    Karenb Inactive Thread Starter

    Joined:
    2006/05/18
    Messages:
    126
    Likes Received:
    0
    File 103C_HP_CPC_EX513AA-ABA_A1473W_YC received on 2009.08.13 06:07:59 (UTC)
    Result: 0/41 (0%)
    Antivirus Version Last Update Result
    a-squared 4.5.0.24 2009.08.13 -
    AhnLab-V3 5.0.0.2 2009.08.12 -
    AntiVir 7.9.1.1 2009.08.12 -
    Antiy-AVL 2.0.3.7 2009.08.12 -
    Authentium 5.1.2.4 2009.08.13 -
    Avast 4.8.1335.0 2009.08.12 -
    AVG 8.5.0.406 2009.08.12 -
    BitDefender 7.2 2009.08.13 -
    CAT-QuickHeal 10.00 2009.08.13 -
    ClamAV 0.94.1 2009.08.13 -
    Comodo 1961 2009.08.13 -
    DrWeb 5.0.0.12182 2009.08.13 -
    eSafe 7.0.17.0 2009.08.11 -
    eTrust-Vet 31.6.6673 2009.08.12 -
    F-Prot 4.4.4.56 2009.08.12 -
    F-Secure 8.0.14470.0 2009.08.13 -
    Fortinet 3.120.0.0 2009.08.13 -
    GData 19 2009.08.13 -
    Ikarus T3.1.1.64.0 2009.08.13 -
    Jiangmin 11.0.800 2009.08.13 -
    K7AntiVirus 7.10.817 2009.08.12 -
    Kaspersky 7.0.0.125 2009.08.13 -
    McAfee 5707 2009.08.12 -
    McAfee+Artemis 5707 2009.08.12 -
    McAfee-GW-Edition 6.8.5 2009.08.13 -
    Microsoft 1.4903 2009.08.12 -
    NOD32 4330 2009.08.12 -
    Norman 6.01.09 2009.08.12 -
    nProtect 2009.1.8.0 2009.08.13 -
    Panda 10.0.0.14 2009.08.12 -
    PCTools 4.4.2.0 2009.08.12 -
    Prevx 3.0 2009.08.13 -
    Rising 21.42.30.00 2009.08.13 -
    Sophos 4.44.0 2009.08.13 -
    Sunbelt 3.2.1858.2 2009.08.13 -
    Symantec 1.4.4.12 2009.08.13 -
    TheHacker 6.3.4.3.383 2009.08.13 -
    TrendMicro 8.950.0.1094 2009.08.12 -
    VBA32 3.12.10.9 2009.08.12 -
    ViRobot 2009.8.13.1882 2009.08.13 -
    VirusBuster 4.6.5.0 2009.08.12 -
    Additional information
    File size: 1816 bytes
    MD5...: 258385b7a120f818b748be4d0b5fa098
    SHA1..: d1bcf164d84b2135775ad2bab1b1c00ac86e99ef
    SHA256: cc0600bfae6354a9cbd37b0ade66ad6d6b1e5e339e560b94ffe49c2385967652
    ssdeep: 48:ErQRkO7Pue0wMdqVig7dg65SJAJrZTSr2y:E0OO7Pue0wMdqViwKE2r2y
    PEiD..: -
    TrID..: File type identification
    Unknown!
    PEInfo: -
    PDFiD.: -
    RDS...: NSRL Reference Data Set
    -
     
  21. 2009/08/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Disable system files view.

    How is the overclick.cn issue?

    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between "combofix" and "/u".
    Restart computer.


    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Double-click the drweb-cureit.exe file and click Scan to run the express scan. Click OK in the pop-up window to allow the scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.


    Post fresh HijackThis log as well.
     
