BleepingComputer.com: Cleaning up from a mess.

I am unsure to the full nature of the virus. It hit through a yahoo fluff piece mainpage link. The AV (Avast) did some blocking but it was not enough. The computer was in real rough shape. I eventually recovered and managed to get things back to usable but I am still getting hits off of AV scanners both Avast and F Secure. The only real issue I notice is that there are sometimes failures to boot up on the first try and the clock keeps rolling back an hour.

Any help would be welcome.


.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Owner at 12:19:21 on 2011-06-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.146 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://us8.hpwis.com/
uSearch Bar = hxxp://srch-us8.hpwis.com/
mDefault_Page_URL = hxxp://us8.hpwis.com/
mSearch Bar = hxxp://srch-us8.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://us8.hpwis.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KYE_UDSI] "c:\program files\usb storage rw\udsi.exe
mRun: [CamMonitor] c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\epsona~1.lnk - e:\common\epsonreg\EpsonReg.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSubtract.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: SpSubLSP.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307210991378
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{5D2E9A67-F1DB-4F14-ABD8-535CAADC81B6} : DhcpNameServer = 68.94.156.1 68.94.157.1
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-26 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-23 307928]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-30 532224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-23 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-5 42184]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-5 136176]
S2 mrtRate;mrtRate; [x]
.
=============== Created Last 30 ================
.
2011-06-05 21:48:42 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-06-05 19:19:19 -------- d-----w- c:\documents and settings\owner\local settings\application data\Temp
2011-06-05 19:19:09 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
2011-06-05 19:18:34 -------- d-----w- c:\program files\AVAST Software
2011-06-05 19:18:34 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-06-05 18:37:27 19569 ----a-w- c:\windows\005753_.tmp
2011-06-04 18:07:16 -------- d-s---w- c:\documents and settings\owner\UserData
2011-06-04 17:49:55 -------- d-sh--r- C:\cmdcons
2011-05-16 19:11:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-05 21:57:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-05 21:57:32 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-05 18:44:34 126976 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\ContentUpdater.exe
2011-06-05 18:44:22 106496 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\PluginCtrl.dll
2011-06-05 18:43:58 77824 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\WinVerifyTrust.dll
2011-06-05 18:43:53 49152 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\PCHI18N.dll
2011-06-05 18:43:52 122880 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\SearchCtrl.dll
2011-06-05 18:43:49 159744 ----a-w- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphnabs3en\plugin\bin\PCHButton.exe
2011-05-29 17:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 17:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
============= FINISH: 12:24:11.69 ===============

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

• Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  
  
  
• Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  
  
  
• Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Ready to go.

I think the logs look okay but we should take a further look

• Download OTL to your desktop.
  
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

OTL Extras logfile created on: 6/21/2011 7:28:51 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 243.67 Mb Available Physical Memory | 47.65% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.51 Gb Total Space | 85.71 Gb Free Space | 79.72% Space Free | Partition Type: NTFS
Drive D: | 4.26 Gb Total Space | 0.76 Gb Free Space | 17.87% Space Free | Partition Type: FAT32

Computer Name: CONCIDIUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = easy Internet sign-up
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0DCFC7D5-8608-478C-8082-1FF848B978AF}" = Uninstall USB Storage RW Ver. 2.00.11.b04
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Productivity Pack
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E90FA5-2CB4-4039-A8BB-BE1B9DB94E21}" = HP Memories Disc
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}" = HP Digital Imaging Album Printing 1.0
"{48BD24F5-13DE-493A-A7CE-28A85113FF0C}" = HP Deskjet printer preloaded drivers
"{4F5FC172-F0E7-4EA5-902F-8D005DF9F000}" = HP Photo and Imaging 1.2 - Photosmart Cameras
"{4FCC384C-18EA-4E25-9281-A06AE006D219}" = Weblink
"{60E80B13-8649-4A69-85E2-1AE99E061F43}" = ShowBiz DVD
"{60E971B7-51A0-48CA-8687-C6B8F094A409}" = Simple Backup for My Pictures
"{8214CC02-6271-4DC8-B8DD-779933450264}" = RecordNow
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9E88DAA4-1352-4272-BA3A-897668408400}" = HP Photosmart printers preloaded drivers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English) v1.0.3705
"{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}" = Simple Installer - Multilanguage Version
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass
"{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"1ABC286C-DE10-4590-BEFF-4D0DFF5EA1EC" = GemMaster 3 from Hewlett-Packard Desktops (remove only)
"28BA89E7-2F60-4BE7-BAA2-7949EB3FE527" = BlasterBall Wild from Hewlett-Packard Desktops (remove only)
"357ECB62-CD36-4B63-B57E-769D0CA174F4" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"3EA6838C-5C34-4F9C-A8DA-434D65DD1356" = Men In Black II CROSSFIRE from Hewlett-Packard Desktops (remove only)
"4F0AE1FB-4082-4A27-8363-05D292D92FB0" = Virtual Warfare from Hewlett-Packard Desktops (remove only)
"5415BC25-6D6C-46C4-B34C-EA8470FE56D5" = Blackhawk Striker from Hewlett-Packard Desktops (remove only)
"63272979-21F0-48EF-9B97-A83DBC05BE39" = Disney`s Lilo and Stitch Pinball from Hewlett-Packard Desktops (remove only)
"753FE96B-D926-4B6C-BCFB-CC59153D004A" = Snowboard Extreme from Hewlett-Packard Desktops (remove only)
"7841B68B-B7DD-408E-8B45-D5CA39608185" = Dark Orbit from Hewlett-Packard Desktops (remove only)
"8c9c48d7-2d03-4a1f-a303-5bd22ccabae1" = RingMaster from Hewlett-Packard Desktops (remove only)
"9FA01E11-9015-4140-B10A-5C6AA949B2FC" = Space Rocks from Hewlett-Packard Desktops (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"ArcSoft Software Suite" = ArcSoft Picture Software
"avast" = avast! Free Antivirus
"DF479CEA-34C0-460F-9B56-93BCE4CD4086" = Excavation from Hewlett-Packard Desktops (remove only)
"Google Chrome" = Google Chrome
"hp instant support" = HP Instant Support
"HPTOOLKIT" = toolkit
"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = easy Internet sign-up
"InstallShield_{F61F2821-694C-475F-99AB-6AF2EFDF40FD}" = Quicken 2003 New User Edition
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"S3Display" = S3Display
"S3Gamma2" = S3Gamma2
"S3Info2" = S3Info2
"S3Overlay" = S3Overlay
"SpamSubtract" = SpamSubtract
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Windows XP Service Pack" = Windows XP Service Pack 3
"WordPerfect Productivity Pack" = WordPerfect Productivity Pack
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2011 1:10:02 AM | Computer Name = CONCIDIUS | Source = ESENT | ID = 485
Description = wuauclt (1368) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/7/2011 2:40:32 AM | Computer Name = CONCIDIUS | Source = ESENT | ID = 485
Description = wuauclt (3076) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/7/2011 3:10:36 AM | Computer Name = CONCIDIUS | Source = ESENT | ID = 485
Description = wuauclt (2760) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 6/7/2011 3:45:18 PM | Computer Name = CONCIDIUS | Source = ESENT | ID = 485
Description = wuauclt (352) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 6/9/2011 6:29:52 PM | Computer Name = CONCIDIUS | Source = ESENT | ID = 485
Description = wuauclt (3652) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 6/12/2011 4:41:56 PM | Computer Name = CONCIDIUS | Source = ESENT | ID = 485
Description = wuauclt (3804) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/16/2011 8:07:23 PM | Computer Name = CONCIDIUS | Source = ESENT | ID = 485
Description = wuauclt (3456) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 6/19/2011 7:01:08 PM | Computer Name = CONCIDIUS | Source = ESENT | ID = 485
Description = wuauclt (3520) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 6/21/2011 12:01:07 PM | Computer Name = CONCIDIUS | Source = ESENT | ID = 485
Description = wuauclt (3368) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 6/21/2011 12:01:08 PM | Computer Name = CONCIDIUS | Source = ESENT | ID = 485
Description = wuauclt (3420) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

[ System Events ]
Error - 6/19/2011 2:14:27 AM | Computer Name = CONCIDIUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 6/19/2011 3:11:22 AM | Computer Name = CONCIDIUS | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 6/19/2011 3:13:57 AM | Computer Name = CONCIDIUS | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 6/19/2011 7:00:17 PM | Computer Name = CONCIDIUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 6/20/2011 11:20:27 AM | Computer Name = CONCIDIUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 6/20/2011 10:44:50 PM | Computer Name = CONCIDIUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 6/21/2011 12:00:18 PM | Computer Name = CONCIDIUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 6/21/2011 12:37:44 PM | Computer Name = CONCIDIUS | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 6/21/2011 12:39:58 PM | Computer Name = CONCIDIUS | Source = DCOM | ID = 10010
Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
with DCOM within the required timeout.

Error - 6/21/2011 11:00:06 PM | Computer Name = CONCIDIUS | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >


OTL logfile created on: 6/21/2011 7:28:51 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 243.67 Mb Available Physical Memory | 47.65% Memory free
1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.51 Gb Total Space | 85.71 Gb Free Space | 79.72% Space Free | Partition Type: NTFS
Drive D: | 4.26 Gb Total Space | 0.76 Gb Free Space | 17.87% Space Free | Partition Type: FAT32

Computer Name: CONCIDIUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
PRC - C:\Program Files\USB Storage RW\udsi.exe (KYE Systems Corp.)
PRC - C:\Program Files\Softex\OmniPass\omniServ.exe ()
PRC - C:\Program Files\Softex\OmniPass\OPXPApp.exe ()
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
PRC - c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\powrprof.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ddraw.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dciman32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll (NVIDIA Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (omniserv) -- C:\Program Files\Softex\OmniPass\omniServ.exe ()


========== Driver Services (SafeList) ==========

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (S3Psddr) -- C:\WINDOWS\system32\drivers\s3gnbm.sys (S3 Graphics, Inc.)
DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (fasttx2k) -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (viaagp1) -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (SISAGP) -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/06/05 13:57:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2002/08/29 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KYE_UDSI] C:\Program Files\USB Storage RW\udsi.exe (KYE Systems Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StorageGuard] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307210991378 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - C:\Program Files\Softex\OmniPass\opxpgina.dll - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/09 21:19:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 04:02:32 | 000,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 12:19:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2011/06/05 13:57:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/05 13:57:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/05 13:57:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/05 13:48:52 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011/06/05 13:48:52 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011/06/05 13:48:45 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011/06/05 13:48:42 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011/06/05 13:48:41 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011/06/05 13:47:55 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011/06/05 13:47:55 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011/06/05 13:47:55 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011/06/05 13:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2011/06/05 13:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/06/05 11:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/06/05 11:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2011/06/05 11:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/06/05 11:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/06/05 11:19:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2011/06/05 11:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/05 11:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/05 11:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/05 11:10:22 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\IE7-WindowsXP-x86-enu.exe
[2011/06/05 11:02:11 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\IE8-WindowsXP-x86-ENU.exe
[2011/06/05 10:54:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/04 10:07:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\UserData
[2011/06/04 09:51:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/06/04 09:49:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/04 09:40:27 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2011/06/04 09:40:27 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2011/06/04 09:40:12 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/21 19:24:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/21 19:00:12 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/06/21 19:00:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/21 18:59:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 18:59:34 | 536,268,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/18 22:14:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/15 19:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/15 19:26:39 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/12 12:17:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/06/11 11:37:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/06 22:41:47 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 13:57:33 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/05 13:57:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/05 13:57:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/05 13:57:33 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/05 13:57:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/05 13:49:30 | 000,420,891 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/06/05 13:48:58 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/06/05 13:48:58 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk
[2011/06/05 11:20:14 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/05 11:19:08 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/05 11:19:04 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/05 11:17:00 | 000,153,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/05 11:12:13 | 002,105,344 | ---- | M] () -- C:\WINDOWS\System32\secsetup.sdb
[2011/06/05 11:10:34 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\My Documents.lnk
[2011/06/05 11:10:23 | 015,452,536 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\IE7-WindowsXP-x86-enu.exe
[2011/06/05 11:08:43 | 056,923,744 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\setup_av_free.exe
[2011/06/05 11:02:11 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\IE8-WindowsXP-x86-ENU.exe
[2011/06/05 11:00:53 | 000,365,076 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/05 11:00:53 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/05 10:56:49 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/05 10:55:21 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/05 10:52:18 | 000,002,639 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/05 10:46:46 | 000,000,283 | RHS- | M] () -- C:\boot.ini
[2011/06/05 10:38:55 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/06/05 10:38:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/04 10:07:07 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\easy Internet sign-up.job
[2011/06/04 09:49:13 | 000,004,690 | RHS- | M] () -- C:\WINDOWS\System32\drivers\HP_DF253A-ABA a250n_YW_Pavi_QMXM337_E33NAheBLU4_4_I P4SD-LA _SASUSTeK Computer INC._VRev 1.xx_B3.10_T030627_WXH1_L409_M512_J120_7Intel_8Pentium 4_92.6_1104C8023_N10EC8139_P_Z11C1044C_K_A808624D5_U808624D2_G10DE0181.MRK
[2011/06/04 09:46:31 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/04 09:43:40 | 000,000,196 | RHS- | M] () -- C:\BOOT.BAK
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 12:17:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2011/06/11 17:04:35 | 536,268,800 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/11 11:37:02 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/06 22:41:47 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 13:48:58 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ZoneAlarm Security.lnk
[2011/06/05 11:20:14 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/05 11:20:14 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/05 11:19:15 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 11:19:15 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 11:19:08 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/05 11:12:11 | 002,105,344 | ---- | C] () -- C:\WINDOWS\System32\secsetup.sdb
[2011/06/05 11:10:34 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\My Documents.lnk
[2011/06/04 10:06:59 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\easy Internet sign-up.job
[2011/06/04 09:46:18 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\About my HP PC.lnk
[2011/06/04 09:46:18 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Recovery.lnk
[2011/06/04 09:46:18 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Help and Support.lnk
[2010/09/20 15:14:56 | 000,024,064 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/04 17:30:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/03/04 11:58:32 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/03/04 11:58:32 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/03/04 11:58:32 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/03/04 11:58:32 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/03/04 11:58:32 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/03/04 11:58:32 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/03/04 11:58:32 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/03/04 11:58:32 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/03/04 11:58:32 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/03/04 11:58:32 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/03/04 11:58:32 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/03/04 11:58:32 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/03/04 11:58:32 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/03/04 11:58:32 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/03/04 11:58:32 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/03/04 11:58:32 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/03/04 11:57:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPNX110.ini
[2010/02/26 15:10:56 | 000,012,998 | R--- | C] () -- C:\WINDOWS\hpwscr14.dat
[2010/02/04 15:44:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/02 15:59:23 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2008/10/03 00:08:03 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JPR.{PB
[2008/10/03 00:08:03 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP100JCM.{PB
[2007/12/01 13:49:41 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/12/01 01:28:55 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/11/30 21:13:58 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/29 06:47:37 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006/06/29 06:02:43 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/29 06:02:43 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/29 06:02:40 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/29 06:02:36 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/29 06:02:21 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/29 06:02:20 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/29 06:02:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/29 06:01:47 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/29 05:59:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/04/10 03:35:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 03:34:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2003/04/10 03:21:36 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/04/10 00:51:07 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/04/10 00:51:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/04/09 23:32:34 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2003/04/09 23:32:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/09 23:06:10 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/04/09 23:03:38 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/04/09 23:03:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/04/09 22:57:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/09 22:57:04 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/09 22:16:44 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/04/09 22:06:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/04/09 22:06:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/04/09 21:55:02 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/04/09 21:44:58 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/04/09 21:44:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/04/09 21:44:29 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/04/09 21:23:21 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/04/09 21:21:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/09 21:16:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/04/09 21:05:45 | 000,000,659 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/09 21:05:26 | 000,365,076 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/09 21:05:26 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/09 14:10:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/09 14:09:25 | 000,153,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/19 15:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/11/14 07:09:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2002/11/14 07:08:26 | 000,004,760 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2002/05/24 07:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 07:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2001/08/14 17:47:08 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\vxpsapi.dll

========== LOP Check ==========

[2010/08/23 14:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/06/05 11:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/08/03 19:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/04 12:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/02/14 10:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2007/12/01 01:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/09/03 13:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2007/12/01 18:39:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Electronic Arts
[2010/03/04 14:49:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Epson
[2011/02/21 22:39:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\f-secure
[2003/04/10 03:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2003/04/09 22:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2010/09/20 15:23:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2010/03/04 12:07:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2003/04/09 23:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2011/06/15 19:47:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/04 10:07:07 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\easy Internet sign-up.job

========== Purity Check ==========



< End of report >

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Nothing to worry about there. Run ESET next

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check and check Remove found threats
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

If no log is generated that means nothing was found. Please let me know if this happens.

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.24.1 log created on 06222011_191643


C:\Program Files\WildTangent\Apps\GameChannel\Games\28BA89E7-2F60-4BE7-BAA2-7949EB3FE527\WebDriverSilentInstall.exe Win32/Adware.WildTangent application deleted - quarantined

That looks fine. Any problems since we began?

I was still getting failures in booting and sometimes a slow turn off.

The Avast issue has been resolved but here is what the F-Secure still found? It offered to clean but I thought to make sure.

Scanning Report

Thursday, June 23, 2011 20:33:16 - 22:13:03

Computer name: CONCIDIUS
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\

1 malware found

Suspicious:W32/Malware!Gemini (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP10\A0011154.EXE (Not cleaned)
Statistics

Scanned:
Files: 56036
System: 5600
Not scanned: 22
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 1
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\$NTUNINSTALLKB835732$\CALLCONT.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\GDI32.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\H323.TSP
C:\WINDOWS\$NTUNINSTALLKB835732$\H323MSP.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\HELPCTR.EXE
C:\WINDOWS\$NTUNINSTALLKB835732$\IPNATHLP.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\LSASRV.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MF3216.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MSASN1.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MSGINA.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MST120.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\NETAPI32.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\NMCOM.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\RTCDLL.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\SCHANNEL.DLL
C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

F-Secure can clean it. It's basically a copy of malware that has been stored in System Restore. If you were to use system restore it would reinfect but I clear the system restore points at the end of the fix anyway so it wasn't too dangerous.

Booting and shutting down is often slowed down by things other than malware - most times in fact.


Please download ConflictInfo by aommaster to your desktop.

• Double click
  
  
  
• Press to begin.
  
  
  
• It shall produce a ConflictInfo.txt on your desktop.
  
  
  
• Please copy and paste the log in your next reply.

I'm not expecting there to be anything on this log but it's worth checking for these types of conflicts.

I will let F-secure clean that then.

Logfile of Aommaster's ConflictInfo v.1.0.0
#############
Conflicting Devices
#############

===No device problems found===

~~~EOF~~~

F Secure failed to clean on two tries. It also gave me an extra result that did not clean. The restore I could find on search. Perhaps I could just delete it?

Scanning Report

Friday, June 24, 2011 18:45:46 - 20:43:36

Computer name: CONCIDIUS
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\

2 malware found

Stealth_file (virus)
C:\## ASWSNX PRIVATE STORAGE\R356\PWUODGGALVQQUG._{934633AB-8ECD-11E0-A1EA-000C6EA98A41}\IMAGE\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI (Not cleaned)
Suspicious:W32/Malware!Gemini (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F20DC6C2-5212-4F33-8959-AB7D05D4CDB6}\RP10\A0011154.EXE (Not cleaned)
Statistics

Scanned:
Files: 70083
System: 5606
Not scanned: 22
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 2
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\$NTUNINSTALLKB835732$\CALLCONT.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\GDI32.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\H323.TSP
C:\WINDOWS\$NTUNINSTALLKB835732$\H323MSP.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\HELPCTR.EXE
C:\WINDOWS\$NTUNINSTALLKB835732$\IPNATHLP.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\LSASRV.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MF3216.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MSASN1.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MSGINA.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\MST120.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\NMCOM.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\NETAPI32.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\RTCDLL.DLL
C:\WINDOWS\$NTUNINSTALLKB835732$\SCHANNEL.DLL
C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE

The first file is from a trojan called FakeAlert and needs to go. The system restore one will be removed at the end of this fix so leave it where it is (it's no danger unless you invoke a system restore which you won't, will you?)

Please run Combofix which will rip out any FakeAlert

Please download ComboFix from one of these locations:

• Bleepingcomputer
  
• ForoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe

• Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Comfix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

ComboFix 11-06-25.01 - Owner 06/25/2011 9:33.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.235 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\comfix.exe.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-23 03:20 . 2011-06-23 03:20 -------- d-----w- c:\program files\ESET
2011-06-23 03:16 . 2011-06-23 03:16 -------- d-----w- C:\_OTL
2011-06-05 21:48 . 2011-03-18 09:24 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-06-05 21:48 . 2011-03-18 09:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-06-05 21:48 . 2011-03-18 09:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-06-05 21:41 . 2011-06-05 21:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-06-05 19:19 . 2011-06-16 03:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2011-06-05 19:19 . 2011-06-05 19:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-06-05 19:19 . 2011-06-05 19:20 -------- d-----w- c:\program files\Google
2011-06-05 19:19 . 2011-06-05 19:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2011-06-05 19:18 . 2011-06-05 19:18 -------- d-----w- c:\program files\AVAST Software
2011-06-05 19:18 . 2011-06-05 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-05 18:37 . 2006-12-29 07:31 19569 ----a-w- c:\windows\005753_.tmp
2011-06-04 18:07 . 2011-06-04 18:07 -------- d-s---w- c:\documents and settings\Owner\UserData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 21:57 . 2008-10-24 02:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-05 21:57 . 2010-08-03 06:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-05 18:44 . 2011-06-05 18:44 126976 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\ContentUpdater.exe
2011-06-05 18:44 . 2011-06-05 18:44 106496 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PluginCtrl.dll
2011-06-05 18:43 . 2011-06-05 18:43 77824 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\WinVerifyTrust.dll
2011-06-05 18:43 . 2011-06-05 18:43 49152 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHI18N.dll
2011-06-05 18:43 . 2011-06-05 18:43 122880 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\SearchCtrl.dll
2011-06-05 18:43 . 2011-06-05 18:43 159744 ----a-w- c:\windows\pchealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
2011-05-29 17:11 . 2008-10-24 01:25 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 17:11 . 2008-10-24 01:25 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-16 19:11 . 2011-05-16 19:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-10 12:10 . 2010-08-23 22:39 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-08-23 22:39 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-02-27 01:48 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2010-08-23 22:40 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-08-23 22:40 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2010-08-23 22:40 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2010-08-23 22:40 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2010-08-23 22:40 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-08-23 22:40 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2010-08-23 22:40 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-03 831557]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]
"KYE_UDSI"="c:\program files\USB Storage RW\udsi.exe" [2003-02-22 212992]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 69632]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-03-03 4595712]
"nwiz"="nwiz.exe" [2003-03-03 323584]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2002-8-21 40960]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2002-8-21 40960]
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-4-10 552960]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-20 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/26/2011 5:48 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/23/2010 2:40 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/23/2010 2:40 PM 19544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/5/2011 11:19 AM 136176]
S2 mrtRate;mrtRate; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-04 c:\windows\Tasks\easy Internet sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-02-22 07:34]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 19:19]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-05 19:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://srch-us8.hpwis.com/
uInternet Connection Wizard,ShellNext = hxxp://us8.hpwis.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
LSP: SpSubLSP.dll
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-25 10:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(588)
c:\program files\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\SpSubLSP.dll
.
Completion time: 2011-06-25 10:09:29
ComboFix-quarantined-files.txt 2011-06-25 18:09
.
Pre-Run: 91,260,395,520 bytes free
Post-Run: 97,799,671,808 bytes free
.
- - End Of File - - 0D21074A0372079A49C534679F173B73

Okay, the FakeAlert file is safe in the Avast sandbox.


Please run ESET next

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
    
  • Double click on the icon on your desktop.
  
  
• Check
  
• Click the button.
  
• Accept any security warnings from your browser.
  
• Under scan settings, check and check Remove found threats
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  
• When the scan completes, push
  
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  
• Push the button.
  
• Push

If no log is generated that means nothing was found. Please let me know if this happens.