Pop-up warnings dialogs about DLLs not being valid Windows images


  • This topic is locked
66 replies to this topic

#1 FamilyGuy

FamilyGuy

  • Members
  • 45 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 12 February 2010 - 09:35 AM

System: HP Pavilion a720n
Processor: AMD Athlon XP 3200+
OS: Windows XP Home Edition Version 2002 Service Pack 2


Constantly getting these upon opening apps, PDFs, etc:
* jusched.exe - Bad Image : The application or DLL C:\WINDOWS\system32\wvutqpm.dll is not a valid Windows image. Please check this against your installation diskette.
* CiceroUIWndFrame: OUTLOOK.EXE - Bad Image : The application or DLL C:\WINDOWS\system32\wvutqpm.dll is not a valid Windows image. Please check this against your installation diskette.
* Font Capture: AcroRd32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\wvutqpm.dll is not a valid Windows image. Please check this against your installation diskette.


Other issue (preventing me from moving to XP Service Pack 3):
* Windows Update is not working - seems the Background Intelligent Transfer Service will not start. "The Background Intelligent Transfer Service service terminated with service-specific error 2147942405 (0x80070005)."

I ran GMER twice and it caused a reboot each time after about 2 hours in:
"The computer has rebooted from a bugcheck. The bugcheck was: 0xd0000144 (0xc0000005, 0x001b0005, 0x00000001, 0x00000000). A dump was saved in: C:\WINDOWS\Minidump\Mini021210-01.dmp."

DDS.txt contents:

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Owner at 19:13:29.85 on Thu 02/11/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1030 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\HP_Owner\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2432f099-f8e2-43c9-b765-3af002ffc6a7} - c:\windows\system32\wvutqpm.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f2ff3982-9622-4fed-9853-bc8cdb900b43} - c:\windows\system32\vtsqp.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [Sonic RecordNow!]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\hporga~1.lnk - c:\program files\hewlett-packard\hp organize\bin\displayAgent.exe
StartupFolder: c:\documents and settings\hp_owner\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.stonyfield.com/coupons/scriptX/smsx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX28.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.34.14/ttinst.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
Notify: igfxcui - igfxsrvc.dll
SEH: {2432f099-f8e2-43c9-b765-3af002ffc6a7} - c:\windows\system32\wvutqpm.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\epf9ua1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\epf9ua1j.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [2003-7-2 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [2003-7-2 124160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-9 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-9-9 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-9-9 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-9-9 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-9 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-9 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-9 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-9 40552]
S2 gupdate1c9a1e285ebea22;Google Update Service (gupdate1c9a1e285ebea22);c:\program files\google\update\GoogleUpdate.exe [2009-3-10 133104]
S3 iatmunin;iatmunin;\??\c:\docume~1\hp_owner\locals~1\temp\iatmunin.sys --> c:\docume~1\hp_owner\locals~1\temp\iatmunin.sys [?]

=============== Created Last 30 ================

2010-02-10 17:47:16 0 d-----w- c:\program files\TrendMicro
2010-02-02 19:41:08 0 d-----w- c:\program files\iTunes
2010-01-30 02:22:25 0 d-----w- c:\windows\system32\QuickTime
2010-01-29 14:40:52 0 d-----w- c:\program files\VIA
2010-01-29 14:40:32 0 d-----w- C:\softpaq
2010-01-27 02:47:13 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-27 02:47:13 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-01-27 02:47:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-15 23:12:26 0 d-----w- c:\docume~1\hp_owner\applic~1\KidZui
2010-01-15 23:12:22 0 d-----w- c:\program files\Kidzui

==================== Find3M ====================

2010-02-09 21:13:53 4121 ----a-w- c:\windows\viassary-hp.reg
2010-01-21 13:41:07 104201 ----a-w- c:\windows\hpoins04.dat
2009-12-28 03:12:10 39232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2006-11-25 21:04:02 66936 --sha-w- c:\windows\slinfo_0.drv

============= FINISH: 19:14:21.31 ===============
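The log above shows the same DLL, c:\windows\system32\wvutqpm.dll, registered with no display name both as a Browser Helper Object (BHO) and as a ShellExecuteHook (SEH), and a second unnamed BHO pointing at vtsqp.dll. Because a ShellExecuteHook DLL is loaded into any process that calls ShellExecute, this is consistent with the "Bad Image" dialogs appearing in unrelated programs such as jusched.exe, OUTLOOK.EXE and AcroRd32.exe rather than only in Internet Explorer. As an added example that is not part of this thread or of the DDS tool itself, the following Python script parses a handful of lines excerpted from the Pseudo HJT Report above and flags the entries a helper would look at first: load points registered without a display name, a CLSID that appears as both BHO and SEH, random-looking DLL names under system32, and orphaned entries pointing to "No File". The vowel-ratio test for random names is an assumption of this example and can misfire on legitimate abbreviations, so it is reported as a medium signal rather than a verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: lines excerpted (lightly adapted) from the "Pseudo HJT
# Report" section of the DDS log posted above, with benign entries kept for
# contrast. A raw string keeps the Windows backslashes as written.
SAMPLE_DDS = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2432f099-f8e2-43c9-b765-3af002ffc6a7} - c:\windows\system32\wvutqpm.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: {f2ff3982-9622-4fed-9853-bc8cdb900b43} - c:\windows\system32\vtsqp.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
SEH: {2432f099-f8e2-43c9-b765-3af002ffc6a7} - c:\windows\system32\wvutqpm.dll
"""

# DDS writes COM load points as "KIND: [Display name: ]{CLSID} - path".
# The display name is optional; unwanted BHOs commonly register without one.
LINE_RE = re.compile(
    r"^(?P<kind>BHO|TB|SEH): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9a-f-]{36}\}) - (?P<path>.*)$",
    re.IGNORECASE,
)


@dataclass
class Entry:
    kind: str            # BHO, TB or SEH
    name: Optional[str]  # display name, None when the log shows none
    clsid: str           # lower-cased, braces included
    path: str            # DLL path, or the literal "No File"


@dataclass
class Finding:
    severity: str
    rule: str
    clsid: str
    path: str


VOWELS = set("aeiouy")


def looks_random(stem: str) -> bool:
    """Heuristic (an assumption of this example): a name with five or more
    letters and fewer than one vowel in five is treated as machine-generated."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.2


def parse_entries(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"].upper(), m["name"],
                                 m["clsid"].lower(), m["path"].strip()))
    return entries


def triage(text: str) -> List[Finding]:
    entries = parse_entries(text)
    # Which load-point kinds each CLSID is registered under.
    kinds_by_clsid: Dict[str, Set[str]] = {}
    for e in entries:
        kinds_by_clsid.setdefault(e.clsid, set()).add(e.kind)

    findings = []
    for e in entries:
        filename = e.path.rsplit("\\", 1)[-1]
        stem = filename.rsplit(".", 1)[0]
        if e.kind in ("BHO", "SEH") and not e.name:
            findings.append(Finding("medium", "BHO/SEH registered without a display name", e.clsid, e.path))
        if e.path.lower() == "no file":
            findings.append(Finding("low", "orphaned registration (No File)", e.clsid, e.path))
        elif "\\windows\\system32\\" in e.path.lower() and looks_random(stem):
            findings.append(Finding("medium", "random-looking DLL name under system32", e.clsid, e.path))
        if e.kind == "BHO" and "SEH" in kinds_by_clsid[e.clsid]:
            # A hook DLL is pulled into every process that calls ShellExecute,
            # so one CLSID serving as both BHO and SEH is the strongest signal here.
            findings.append(Finding("high", "same CLSID registered as BHO and ShellExecuteHook", e.clsid, e.path))
    return findings


def flagged_files(text: str) -> Set[str]:
    """Lower-cased file names that appear in at least one finding."""
    return {f.path.rsplit("\\", 1)[-1].lower() for f in triage(text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.rule}: {f.clsid} -> {f.path}")
```

Run against the sample, wvutqpm.dll and vtsqp.dll are reported while the Adobe, Java and Google entries are not; the high-severity finding is the BHO/SEH pair. The heuristics are deliberately simple and are meant to order what a helper reads first, not to decide on deletion.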


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:41 AM

Posted 17 February 2010 - 03:47 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 FamilyGuy

FamilyGuy
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 21 February 2010 - 01:59 PM

Latest DDS.txt and Attach.txt attached.

GMER continues to reboot the machine after an hour or so.

Latest changes and behavioral impacts: I installed Ad-Aware to try and hunt down adware. Now I notice that my Google searches are being redirected to random weird sites with names like qualityhealth.com, hotwire.com, www.search.pro


#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:41 AM

Posted 22 February 2010 - 03:14 PM

Hello, FamilyGuy
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#5 FamilyGuy

FamilyGuy
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 23 February 2010 - 08:39 AM

ComboFix.txt:

ComboFix 10-02-22.07 - HP_Owner 02/23/2010 8:20.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1095 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\My Documents\schrauber.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Owner\Application Data\Starware
c:\documents and settings\HP_Owner\Application Data\Starware\Manager\ManagerOptions.xml
c:\documents and settings\HP_Owner\Application Data\Starware\Manager\ManagerOptions.xml.backup
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\MyWebSearch\bar\Settings\settings.dat.bak
c:\program files\MyWebSearch\bar\Settings\settings.htm
c:\program files\MyWebSearch\bar\Settings\settings.htm.bak
c:\recycler\S-1-5-21-1641195625-2908407272-44753203-1003
c:\temp\0b9
c:\temp\0b9\tmpTF.log
c:\windows\jestertb.dll
c:\windows\system32\ps2.bat
c:\windows\system32\T3
c:\windows\system32\T4
c:\windows\system32\T6
c:\windows\system32\T7
c:\windows\system32\T7\icm.exe
c:\windows\system32\udkplqsl.ini
c:\windows\system32\wvutqpm.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
c:\windows\viassary-hp.reg
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-18 16:00 . 2010-02-18 16:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-18 16:00 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-16 19:31 . 2010-02-16 19:31 -------- d-----w- c:\documents and settings\Shane\Local Settings\Application Data\Apple
2010-02-16 16:15 . 2010-02-16 16:15 45808 ----a-w- c:\documents and settings\Shane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 15:13 . 2010-02-16 15:13 -------- d-----w- c:\documents and settings\Shane\Local Settings\Application Data\Roblox
2010-02-16 15:13 . 2010-02-16 15:13 -------- d-----w- c:\documents and settings\Shane\Local Settings\Application Data\RobloxDownloads
2010-02-16 15:13 . 2010-02-16 15:13 -------- d-----w- c:\documents and settings\Shane\Local Settings\Application Data\RobloxVersions
2010-02-16 15:05 . 2010-02-16 15:05 -------- d-----w- c:\documents and settings\Shane\Application Data\Yahoo!
2010-02-16 15:05 . 2010-02-17 15:31 -------- d-----w- c:\documents and settings\Shane\Local Settings\Application Data\Google
2010-02-12 19:43 . 2010-02-12 14:50 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-10 17:47 . 2010-02-10 17:47 388096 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-10 17:47 . 2010-02-10 17:47 -------- d-----w- c:\program files\TrendMicro
2010-02-02 19:41 . 2010-02-02 19:42 -------- d-----w- c:\program files\iTunes
2010-02-02 19:34 . 2010-02-02 19:34 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-30 02:22 . 2010-01-30 02:22 -------- d-----w- c:\windows\system32\QuickTime
2010-01-29 14:40 . 2010-01-29 14:40 -------- d-----w- c:\program files\VIA
2010-01-29 14:40 . 2010-01-29 14:40 -------- d-----w- C:\softpaq
2010-01-27 02:47 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-27 02:47 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-26 21:03 . 2010-01-26 21:03 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 13:33 . 2009-05-28 00:38 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\DNA
2010-02-23 01:03 . 2008-09-27 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-21 18:49 . 2009-05-28 00:38 -------- d-----w- c:\program files\DNA
2010-02-18 16:00 . 2007-06-02 04:05 -------- d-----w- c:\program files\Lavasoft
2010-02-18 15:59 . 2009-06-23 03:12 -------- d-----w- c:\program files\BitComet
2010-02-16 17:12 . 2010-02-16 15:02 -------- d-----w- c:\documents and settings\Shane\Application Data\Apple Computer
2010-02-15 10:40 . 2009-12-26 05:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-10 16:53 . 2005-03-10 15:23 -------- d-----w- c:\program files\Battle X Game
2010-02-07 13:36 . 2005-04-03 14:26 -------- d-----w- c:\program files\Google
2010-02-04 15:53 . 2010-02-12 14:50 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-02 19:41 . 2004-12-09 04:53 -------- d-----w- c:\program files\iPod
2010-02-02 19:41 . 2007-12-17 14:08 -------- d-----w- c:\program files\Common Files\Apple
2010-01-29 14:41 . 2004-08-07 21:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 13:41 . 2004-08-07 20:42 104201 ----a-w- c:\windows\hpoins04.dat
2010-01-15 23:16 . 2010-01-15 23:12 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\KidZui
2010-01-15 23:12 . 2010-01-15 23:12 -------- d-----w- c:\program files\Kidzui
2010-01-10 05:55 . 2007-12-21 01:23 -------- d-----w- c:\program files\MozyHome
2010-01-09 17:50 . 2010-01-09 17:50 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Sony Online Entertainment
2010-01-09 17:50 . 2010-01-09 17:49 -------- d-----w- c:\program files\Sony Online Entertainment
2009-12-28 03:12 . 2006-08-20 21:54 39232 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2006-11-25 21:04 . 2006-11-25 21:04 66936 --sha-w- c:\windows\slinfo_0.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-01-04 16:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-27 39408]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-01 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-20 185896]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]

c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-7-13 256000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-10-8 1073152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=c:\windows\pss\HP Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\HP_Owner\\My Documents\\Ghost_Multi-player2005-downloader.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Warcraft II BNE\\Warcraft II BNE.exe"=
"c:\\Diablo\\Spawn\\diablo_s.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Documents and Settings\\HP_Owner\\My Documents\\Hellfire-Citadel_Final_EN.avi-downloader.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16074:TCP"= 16074:TCP:BitComet 16074 TCP
"16074:UDP"= 16074:UDP:BitComet 16074 UDP

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [7/2/2003 5:41 PM 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [7/2/2003 4:49 PM 124160]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/12/2010 9:50 AM 64288]
S2 gupdate1c9a1e285ebea22;Google Update Service (gupdate1c9a1e285ebea22);c:\program files\Google\Update\GoogleUpdate.exe [3/10/2009 7:44 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1228208]
S3 iatmunin;iatmunin;\??\c:\docume~1\HP_Owner\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\HP_Owner\LOCALS~1\Temp\iatmunin.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]

2010-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-02-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-28 00:57]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 00:44]

2010-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 00:44]

2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-18 16:22]

2009-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-01-18 16:22]

2010-02-23 c:\windows\Tasks\User_Feed_Synchronization-{8953EBBE-6D8C-4E6F-800E-8CE4B5F30541}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:36]

2010-02-01 c:\windows\Tasks\WebReg 20100201085144.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-29 12:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {E91B38E0-0678-4168-84D4-58EFC6AE7065} = 93.188.163.98,93.188.161.94
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\epf9ua1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\epf9ua1j.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Sony Online Entertainment\npsoe.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{2432F099-F8E2-43C9-B765-3AF002FFC6A7} - c:\windows\system32\wvutqpm.dll
BHO-{F2FF3982-9622-4FED-9853-BC8CDB900B43} - c:\windows\system32\vtsqp.dll
HKCU-Run-Sonic RecordNow! - (no file)
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
ShellExecuteHooks-{2432F099-F8E2-43C9-B765-3AF002FFC6A7} - c:\windows\system32\wvutqpm.dll
AddRemove-Imaginext™ Pirate Raider - c:\program files\Common Files\Imaginext™\Uninstall\PiratesUn.exe
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-NVIDIA GART Driver - c:\windows\system32\nvugart.exe
AddRemove-rb2000 - F:\setup.exe
AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 08:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x89B308C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bfc3
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> atapi.sys @ 0xf74aa9f2
IoDeviceObjectType -> ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
\Device\Harddisk0\DR0 -> ParseProcedure -> ntoskrnl.exe @ 0x8056f00e
NDIS: VIA Rhine II Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf787fba0
PacketIndicateHandler -> NDIS.sys @ 0xf788cb21
SendHandler -> NDIS.sys @ 0xf786a87b
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-02-23 08:36:33
ComboFix-quarantined-files.txt 2010-02-23 13:36

Pre-Run: 92,773,408,768 bytes free
Post-Run: 94,373,797,888 bytes free

- - End Of File - - B2FCE250627332688207578F1526E931

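The ComboFix log above contains most of what a responder needs to connect the "Bad Image" dialogs in the first post to their cause: the ORPHANS REMOVED block shows a BHO and a ShellExecuteHooks registration that both pointed at c:\windows\system32\wvutqpm.dll, the same DLL named in every dialog. A ShellExecuteHooks DLL is loaded by any process that calls ShellExecuteEx (jusched.exe, Outlook and Acrobat Reader all do), and when the file is present but no longer a loadable PE image the loader fails with STATUS_INVALID_IMAGE_FORMAT, which Windows reports as "is not a valid Windows image". The log also records the Windows Firewall standard profile switched off, Security Center monitoring disabled for the McAfee products (commonly written by the suite itself when it takes over reporting, so worth confirming rather than assuming malice), an S3 kernel driver registered out of the user's Temp folder, and two statically configured DNS servers that should be checked against the ISP's. The script below pulls those findings out of the log format ComboFix uses and, separately, performs the structural part of the loader's image check. It is an added example for this thread, not part of ComboFix, OTL or BleepingComputer; SAMPLE_LOG is constructed from lines of the posted log, the finding labels are this script's own, and the header built by constructed_pe() is a test fixture, not a real DLL.

```python
"""Triage helper for the ComboFix log format shown above.

Added example for this thread, not a BleepingComputer, ComboFix or OTL tool.
SAMPLE_LOG is constructed from lines of the posted log; the finding names
(e.g. "orphaned_dll_hook") are this script's own labels.
"""
import re
import struct

SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

S3 iatmunin;iatmunin;\??\c:\docume~1\HP_Owner\LOCALS~1\Temp\iatmunin.sys --> c:\docume~1\HP_Owner\LOCALS~1\Temp\iatmunin.sys [?]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/12/2010 9:50 AM 64288]
TCP: {E91B38E0-0678-4168-84D4-58EFC6AE7065} = 93.188.163.98,93.188.161.94
- - - - ORPHANS REMOVED - - - -

BHO-{2432F099-F8E2-43C9-B765-3AF002FFC6A7} - c:\windows\system32\wvutqpm.dll
ShellExecuteHooks-{2432F099-F8E2-43C9-B765-3AF002FFC6A7} - c:\windows\system32\wvutqpm.dll
AddRemove-Winamp - c:\program files\Winamp\UninstWA.exe
"""

# "R0 name;display;path [date size]" or "S3 name;display;path --> path [?]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);[^;]*;(.+?)\s+(?:-->|\[)")
# ComboFix prints per-interface DNS servers as "TCP: {GUID} = a.b.c.d,e.f.g.h"
DNS_RE = re.compile(r"^TCP:\s+\{[0-9A-Fa-f-]+\}\s*=\s*([\d.,]+)")
# Orphan lines: "<type>-<id> - <target>"
ORPHAN_RE = re.compile(r"^(BHO|ShellExecuteHooks|HKLM-Run|HKCU-Run)-(\S+)\s+-\s+(.+)$")


def parse_findings(log_text):
    """Return (kind, ...) tuples for the entries a responder acts on first."""
    findings = []
    current_key = None
    in_orphans = False
    for raw in log_text.splitlines():
        s = raw.strip()
        if s.startswith("- - - - ORPHANS REMOVED"):
            in_orphans = True
            continue
        if s.startswith("[") and s.endswith("]"):
            current_key = s[1:-1]
            continue
        key = (current_key or "").lower()
        # Windows Firewall standard profile switched off
        if "firewallpolicy" in key and s.startswith('"EnableFirewall"') and re.search(r"=\s*0\b", s):
            findings.append(("firewall_disabled", current_key))
        # Security Center told not to monitor a product: its AV/firewall
        # status is no longer reported even if the product stops working
        if "security center\\monitoring" in key and 'DisableMonitoring"=dword:00000001' in s:
            findings.append(("security_center_monitoring_disabled", current_key.rsplit("\\", 1)[-1]))
        m = SERVICE_RE.match(s)
        if m and "\\temp\\" in m.group(4).lower():
            # A kernel driver registered out of a user Temp folder is not
            # how legitimate software installs drivers
            findings.append(("service_from_temp", m.group(3)))
        m = DNS_RE.match(s)
        if m:
            # Statically set resolvers: confirm they belong to the ISP
            findings.append(("static_dns_servers", tuple(m.group(1).split(","))))
        if in_orphans:
            m = ORPHAN_RE.match(s)
            if m and m.group(3).lower().endswith(".dll"):
                # A BHO or ShellExecuteHook whose DLL is gone or unloadable:
                # every process calling ShellExecuteEx tries to load it,
                # which is what raises the "Bad Image" dialog
                findings.append(("orphaned_dll_hook", m.group(1), m.group(3)))
    return findings


def is_valid_pe(data):
    """Structural part of the loader check that fails with "is not a valid
    Windows image": MZ stub, e_lfanew inside the file, PE\\0\\0 there, and a
    machine type the OS can load (i386 or x64)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data):  # 4-byte signature + 20-byte COFF header
        return False
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return machine in (0x014C, 0x8664)


def constructed_pe(machine=0x014C):
    """Constructed minimal image header (a test fixture, not a real DLL)."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    hdr += b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18
    return bytes(hdr)


if __name__ == "__main__":
    for finding in parse_findings(SAMPLE_LOG):
        print(finding)
    print("intact header loads:", is_valid_pe(constructed_pe()))
    print("truncated header loads:", is_valid_pe(constructed_pe()[:0x30]))
```

Running it against the full log rather than the sample is a matter of passing the file contents to parse_findings(); the orphan findings are the ones that explain the dialogs, while the firewall, Security Center, Temp-folder driver and DNS findings are the items to confirm before calling the machine clean.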

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:41 AM

Posted 23 February 2010 - 03:44 PM

Hi,


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#7 FamilyGuy

FamilyGuy
  • Topic Starter

  • Members
  • 45 posts
  • Local time:06:41 AM

Posted 23 February 2010 - 09:06 PM

malwarebytes.org is serving up 404s. Same with your other links. Is it alright to download from CNET? http://download.cnet.com/Malwarebytes-Anti...4-10804572.html


#8 FamilyGuy

FamilyGuy
  • Topic Starter

  • Members
  • 45 posts
  • Local time:06:41 AM

Posted 23 February 2010 - 09:33 PM

OTL.txt:

OTL logfile created on: 2/23/2010 9:08:52 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\HP_Owner\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.50 Gb Total Space | 87.57 Gb Free Space | 48.51% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.74 Gb Free Space | 12.85% Space Free | Partition Type: FAT32
Drive E: | 2.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 571.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATIE
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/23 21:06:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\My Documents\OTL.exe
PRC - [2010/02/20 12:17:45 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2010/01/04 11:36:28 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2009/11/12 18:08:27 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2009/09/16 10:23:32 | 000,262,160 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe
PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/31 19:52:25 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/03/31 19:52:25 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/01/30 14:05:06 | 000,078,136 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozybackup.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/27 17:12:57 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/19 22:13:51 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/23 11:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005/03/08 04:33:28 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/03/04 11:01:56 | 000,088,209 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/09/07 13:47:52 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCXMNTR.EXE
PRC - [2004/05/29 07:34:54 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) -- c:\Program Files\HP\Digital Imaging\bin\Hpqdirec.exe
PRC - [2003/07/15 07:45:18 | 000,196,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2003/02/11 22:02:48 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [1998/05/07 18:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2010/02/23 21:06:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\My Documents\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/04 10:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/01/15 19:57:23 | 000,182,768 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/31 19:52:25 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/03/10 19:44:15 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9a1e285ebea22) Google Update Service (gupdate1c9a1e285ebea22)
SRV - [2009/01/30 14:05:06 | 000,078,136 | ---- | M] (Mozy, Inc.) [Auto | Running] -- C:\Program Files\MozyHome\mozybackup.exe -- (mozybackup)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/02/23 11:41:02 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2005/05/29 14:12:05 | 000,126,976 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/02 16:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)
SRV - [2004/07/15 01:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/03/19 01:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/19 22:14:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/20 12:18:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 12:18:02 | 000,000,000 | ---D | M]

[2009/04/04 08:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2010/02/23 21:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\epf9ua1j.default\extensions
[2009/06/22 22:12:28 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\epf9ua1j.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/04/21 19:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\epf9ua1j.default\extensions\moveplayer@movenetworks.com
[2010/02/23 21:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/11 02:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2004/08/04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AlcxMonitor] C:\WINDOWS\ALCXMNTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe ()
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add To HP Organize... - C:\Program Files\Hewlett-Packard\HP Organize\bin\core.hp.main\SendTo.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.stonyfield.com/coupons/scriptX/smsx.cab (MeadCo ScriptX)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (GMNRev Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/common/groove/gx/GrooveAX28.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.34.14/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/20 11:51:44 | 000,000,678 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/10/19 20:36:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [1996/12/26 20:21:40 | 004,429,073 | R--- | M] (Blizzard Entertainment) - K:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1996/11/20 12:25:44 | 000,000,050 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/16 17:02:23 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/23 21:06:46 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\My Documents\OTL.exe
[2010/02/23 21:04:30 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Owner\My Documents\mbam-setup.exe
[2010/02/23 08:19:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/23 08:19:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/23 08:19:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/23 08:19:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/23 08:19:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/23 08:15:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/18 11:00:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/12 09:50:32 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/02/12 09:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/11 19:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Gmer
[2010/02/10 12:48:07 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe
[2010/02/10 12:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/03/22 07:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/03/10 19:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/05/17 14:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2007/12/20 09:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/10/08 11:55:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/02/14 21:16:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/12/01 22:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2004/08/07 14:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/08/07 14:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2003/07/02 17:41:42 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwhisky.sys
[2003/07/02 16:49:52 | 000,124,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwskbus.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\HP_Owner\My Documents\*.tmp files -> C:\Documents and Settings\HP_Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/23 21:12:34 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8953EBBE-6D8C-4E6F-800E-8CE4B5F30541}.job
[2010/02/23 21:06:46 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\My Documents\OTL.exe
[2010/02/23 21:04:30 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\HP_Owner\My Documents\mbam-setup.exe
[2010/02/23 21:04:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/23 20:31:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/23 14:31:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/23 10:31:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/23 09:21:40 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\ComputerProblems.doc
[2010/02/23 08:36:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/23 08:33:27 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/23 08:13:31 | 000,042,275 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/23 08:11:01 | 003,869,515 | R--- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\schrauber.exe
[2010/02/23 00:00:31 | 000,021,958 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/02/23 00:00:31 | 000,002,832 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/02/22 17:12:45 | 000,143,999 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\meh butt.url
[2010/02/22 09:50:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/21 19:26:11 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Michaels assignment.doc
[2010/02/21 19:17:40 | 000,003,808 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mowitzgreenmow.jpg
[2010/02/21 19:16:43 | 000,002,931 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\olympic2.jpg
[2010/02/21 19:16:42 | 000,003,884 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\olympic3.jpg
[2010/02/21 19:16:01 | 000,003,819 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\meh mama.jpg
[2010/02/21 17:26:22 | 000,003,119 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\olympic.jpg
[2010/02/21 16:05:49 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\Michaels report info.doc
[2010/02/21 13:51:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/21 13:49:08 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/02/21 13:48:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/21 13:48:52 | 2079,903,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/21 12:20:59 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\dds(3).scr
[2010/02/21 12:20:25 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\dds(2).scr
[2010/02/20 23:14:05 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\NTUSER.DAT
[2010/02/20 23:13:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Owner\ntuser.ini
[2010/02/20 23:13:33 | 000,348,594 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2010/02/18 16:01:19 | 000,003,876 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\epic.jpg
[2010/02/18 16:01:19 | 000,003,017 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\lolwut.jpg
[2010/02/18 16:00:07 | 000,005,026 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\lolwutlvlX.jpg
[2010/02/18 15:59:50 | 000,002,320 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\pear.jpg
[2010/02/18 15:55:29 | 000,002,695 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\pear seeds.jpg
[2010/02/18 15:47:22 | 000,002,849 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\weegee.jpg
[2010/02/18 15:37:48 | 000,002,771 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\mama luigi.jpg
[2010/02/18 14:28:45 | 000,002,605 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\luigi baby.jpg
[2010/02/18 11:00:04 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/16 11:14:32 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/15 05:40:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/15 01:53:35 | 000,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/02/13 16:12:48 | 000,280,400 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\wrt54gs_qi_1.pdf
[2010/02/13 16:12:35 | 002,853,503 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\wrt54gs_ug_1,0.pdf
[2010/02/13 16:12:13 | 000,099,477 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\wrt54gsv7-ds,13.pdf
[2010/02/13 16:11:56 | 001,878,465 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\WRT54GS_SetupWizard,0.zip
[2010/02/13 10:46:46 | 000,001,060 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/13 10:40:09 | 000,253,440 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\LOL CATS.ppt
[2010/02/12 10:08:20 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/12 09:50:22 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/11 19:16:10 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\gmer.zip
[2010/02/11 19:13:12 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\dds.scr
[2010/02/10 16:06:47 | 000,036,729 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\weather.jpg
[2010/02/10 12:48:07 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\HP_Owner\My Documents\HijackThis.exe
[2010/02/10 12:47:18 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.lnk
[2010/02/10 12:45:15 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\HP_Owner\My Documents\HijackThis.msi
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\HP_Owner\My Documents\*.tmp files -> C:\Documents and Settings\HP_Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/23 08:19:19 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/23 08:19:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/23 08:19:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/23 08:19:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/23 08:19:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/23 08:10:58 | 003,869,515 | R--- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\schrauber.exe
[2010/02/21 19:18:19 | 000,003,808 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mowitzgreenmow.jpg
[2010/02/21 19:17:32 | 000,003,884 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\olympic3.jpg
[2010/02/21 19:17:11 | 000,002,931 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\olympic2.jpg
[2010/02/21 19:16:36 | 000,003,819 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\meh mama.jpg
[2010/02/21 17:29:09 | 000,003,119 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\olympic.jpg
[2010/02/21 17:13:35 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Michaels assignment.doc
[2010/02/21 16:05:49 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\Michaels report info.doc
[2010/02/21 12:20:59 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\dds(3).scr
[2010/02/21 12:20:24 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\dds(2).scr
[2010/02/18 16:01:48 | 000,003,876 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\epic.jpg
[2010/02/18 16:01:38 | 000,003,017 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\lolwut.jpg
[2010/02/18 16:00:36 | 000,005,026 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\lolwutlvlX.jpg
[2010/02/18 16:00:00 | 000,002,320 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\pear.jpg
[2010/02/18 15:57:00 | 000,002,695 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\pear seeds.jpg
[2010/02/18 15:47:32 | 000,002,849 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\weegee.jpg
[2010/02/18 15:38:10 | 000,002,771 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\mama luigi.jpg
[2010/02/18 14:29:10 | 000,002,605 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\luigi baby.jpg
[2010/02/18 11:00:04 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/13 16:12:48 | 000,280,400 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\wrt54gs_qi_1.pdf
[2010/02/13 16:12:31 | 002,853,503 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\wrt54gs_ug_1,0.pdf
[2010/02/13 16:12:12 | 000,099,477 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\wrt54gsv7-ds,13.pdf
[2010/02/13 16:11:56 | 001,878,465 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\WRT54GS_SetupWizard,0.zip
[2010/02/13 10:40:09 | 000,253,440 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\LOL CATS.ppt
[2010/02/12 14:43:52 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/12 09:51:26 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/11 19:16:09 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\gmer.zip
[2010/02/11 19:13:12 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\dds.scr
[2010/02/10 16:06:39 | 000,036,729 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\weather.jpg
[2010/02/10 12:47:18 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\HiJackThis.lnk
[2010/02/10 12:45:14 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\HijackThis.msi
[2010/02/10 11:31:40 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Owner\My Documents\ComputerProblems.doc
[2010/02/01 10:01:00 | 000,038,434 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Comma Separated Values (DOS).ADR
[2009/09/11 07:34:31 | 000,013,005 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Comma Separated Values (DOS).CAL
[2008/08/12 17:08:56 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2007/12/25 15:58:20 | 000,000,199 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/12/20 14:25:17 | 000,000,675 | ---- | C] () -- C:\WINDOWS\HAMMER.INI
[2007/06/01 07:54:39 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/05/12 23:28:54 | 000,001,755 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/04/26 22:56:10 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/10 16:51:06 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\.mpid
[2006/11/25 16:04:02 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\slinfo_0.drv
[2006/01/30 08:15:53 | 000,000,104 | ---- | C] () -- C:\WINDOWS\rkeeper.ini
[2006/01/14 09:48:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/17 16:19:58 | 000,000,078 | ---- | C] () -- C:\WINDOWS\TONKA.INI
[2005/05/29 14:12:05 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt.dll
[2005/03/31 07:32:56 | 000,000,073 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/03/31 07:32:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/08 17:55:52 | 000,000,073 | ---- | C] () -- C:\WINDOWS\PUZZLES.INI
[2005/02/05 12:10:07 | 000,000,076 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2005/02/05 11:46:08 | 000,000,224 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/02/04 23:30:42 | 000,000,031 | ---- | C] () -- C:\WINDOWS\warhead.ini
[2005/01/17 11:56:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/01/14 19:41:34 | 000,008,438 | ---- | C] () -- C:\WINDOWS\lviewpro.ini
[2004/12/03 14:06:46 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/12/03 14:05:28 | 000,002,004 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/11/28 15:47:23 | 000,001,112 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/11/27 21:42:13 | 000,027,229 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Personal Address Book.ADR
[2004/11/18 10:59:01 | 000,000,074 | ---- | C] () -- C:\WINDOWS\KPD.INI
[2004/11/16 09:52:27 | 000,000,001 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\jsanikaraoke.txt
[2004/11/15 20:49:07 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/11/15 18:36:08 | 000,000,276 | ---- | C] () -- C:\WINDOWS\ka.ini
[2004/11/15 13:56:58 | 000,000,067 | ---- | C] () -- C:\WINDOWS\PLAY-DOH.INI
[2004/11/15 13:48:06 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2004/10/19 20:35:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/19 20:35:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/19 20:35:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/19 20:35:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/19 20:35:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/19 20:35:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/09/17 16:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/08/08 10:16:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 16:39:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/08/07 16:39:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/07 16:39:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/07 16:34:39 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/08/07 16:28:27 | 000,026,939 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/08/07 16:27:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/08/07 16:17:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/07 15:24:38 | 000,003,093 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/08/07 15:17:16 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/07 14:26:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/08/07 14:26:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/08/07 14:25:38 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/08/07 14:07:48 | 000,000,904 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 13:47:30 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/06/29 07:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/07 00:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/23 12:30:00 | 000,105,873 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2003/01/23 12:30:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/06/13 21:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/05/27 19:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2008/09/19 02:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2005/01/17 11:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Imaginext™
[2004/12/26 15:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2007/06/01 20:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2007/07/21 10:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/18 19:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/03/28 06:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/06/28 11:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2007/06/01 20:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/18 11:00:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/12/08 16:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/14 17:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/02/22 09:50:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/02/15 01:53:35 | 000,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/10/01 00:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/02/23 21:12:34 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8953EBBE-6D8C-4E6F-800E-8CE4B5F30541}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D4624A4
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3D682FC
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:20240A47
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D69B4B5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CBB9ED6
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFD5EBFF
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8342E7B
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BFC67DE
< End of report >


Extras.txt:

OTL Extras logfile created on: 2/23/2010 9:08:52 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\HP_Owner\My Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 180.50 Gb Total Space | 87.57 Gb Free Space | 48.51% Space Free | Partition Type: NTFS
Drive D: | 5.79 Gb Total Space | 0.74 Gb Free Space | 12.85% Space Free | Partition Type: FAT32
Drive E: | 2.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 571.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: KATIE
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"16074:TCP" = 16074:TCP:*:Enabled:BitComet 16074 TCP
"16074:UDP" = 16074:UDP:*:Enabled:BitComet 16074 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\HP_Owner\My Documents\Ghost_Multi-player2005-downloader.exe" = C:\Documents and Settings\HP_Owner\My Documents\Ghost_Multi-player2005-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Warcraft II BNE\Warcraft II BNE.exe" = C:\Program Files\Warcraft II BNE\Warcraft II BNE.exe:*:Disabled:Warcraft II Battle.net Edition -- (Blizzard Entertainment)
"C:\Diablo\Spawn\diablo_s.exe" = C:\Diablo\Spawn\diablo_s.exe:*:Enabled:Diablo -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Disabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\HP_Owner\My Documents\Hellfire-Citadel_Final_EN.avi-downloader.exe" = C:\Documents and Settings\HP_Owner\My Documents\Hellfire-Citadel_Final_EN.avi-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- (www.BitComet.com)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - At Worlds End
"{02034A48-25C6-4BB4-8186-54917E5D49DA}" = SpongeBob SquarePants - Lights, Camera, Pants!
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0815D55A-5EFF-4E1B-8C04-7035E914D90D}" = OLYMPUS Master 2
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0EE11800-A1BD-11D3-BFEB-005004AF2D32}" = Risk II
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.3
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37003C6E-DC86-4233-B5CE-665D82DFA7EB}" = Backyard Skateboarding
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45FC15ED-1713-4394-ACDF-866E23F46F46}" = 1300_Help
"{4B46E96E-6E42-407B-B61A-86594AD376BC}" = Zoo Empire
"{4E03E0F0-9530-4D74-A6EE-0FF134EBA6F0}" = 1300Trb
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5E1494D4-3562-4FFB-B35C-600F80F6934C}" = HP Image Zone Plus 4.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{85967580-EBC2-11D4-AEA3-0050046A88ED}" = LEGO Island 2
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D9768AE-DE42-4A04-A461-2361A58C384D}" = HPIZ402
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9BD91669-25C9-43CD-9367-BF60591B837B}" = Camedia Master 4.3
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B196519A-A2AC-443E-84D1-F336B4E8F304}" = BIONICLE
"{B24F8C38-099E-4C29-A5B2-F012B5E22CAB}" = 1300Tour
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B4E03835-FB8B-458A-A1FB-8CDE5424BE66}" = Sid Meier's Civilization 4
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA9A0063-68B5-47B3-91EA-214AD5B79EFB}" = 1300
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BC7E9D03-F7B1-4179-AAEC-941D14DF5EF3}" = Ben 10 Alien Force Bounty Hunters
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C1983EC1-9919-4D3A-915C-79A3EE94D705}" = Backyard Hockey
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 52%
"{EC047FA6-E83D-4326-9195-E7D306C5B9A2}" = OLYMPUS muvee theaterPack
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{ECAAC00F-74C7-4F1C-A110-F526ED630044}" = SpongeBob SquarePants - Nighty Nightmare
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"36317AE4-57EC-4F3E-B828-009A3DD96BE8" = Polar Bowler from Hewlett-Packard Desktops (remove only)
"3DGroove" = 3D Groove Playback Engine
"62067F4C-84A9-45B9-8573-B90468B0A3EF" = Orbital from Hewlett-Packard Desktops (remove only)
"6723E59E-322A-417A-8E03-27A61E18253C" = Overball from Hewlett-Packard Desktops (remove only)
"6B60434A-ABE1-48FF-906B-0EA67087AB25" = Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
"703E3900-69DA-47C9-9768-C6514098F149" = Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
"8C4E79CC-03E1-43AA-9910-9A5113F24603" = Blasterball 2 from Hewlett-Packard Desktops (remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"Avatar Bobble Battles" = Avatar Bobble Battles
"B151D9AC-5E4E-4AD0-96C9-5A6C9EC23502" = Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
"BackWeb-309731 Uninstaller" = Updates from HP
"Battle X Game" = Battle X Game
"Battle.net" = Battle.net
"Bejeweled 2 Deluxe 1.1.3.2523" = Bejeweled 2 Deluxe 1.1.3.2523
"BitComet" = BitComet 1.12
"C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A" = Slyder from Hewlett-Packard Desktops (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"D11F7128-8CBD-408B-8BF8-034604DEDD42" = Bounce Symphony from Hewlett-Packard Desktops (remove only)
"DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292" = Crystal Maze from Hewlett-Packard Desktops (remove only)
"Diablo" = Diablo
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"Disney's Toontown Online" = Disney's Toontown Online
"DivX Content Uploader" = DivX Content Uploader
"E28167F1-3F42-40C7-9119-1D5A97444F10" = Blackhawk Striker from Hewlett-Packard Desktops (remove only)
"ESPNMotion" = ESPNMotion
"F5215F01-DFC0-475D-A910-6F1AF94E807E" = Tradewinds from Hewlett-Packard Desktops (remove only)
"Fairly OddParents - Timmy's Roach Rampage" = Fairly OddParents - Timmy's Roach Rampage
"Feeding Frenzy 2: Shipwreck Showdown" = Feeding Frenzy 2: Shipwreck Showdown
"Google Updater" = Google Updater
"Help and Support Additions" = Help and Support Additions
"Hot Wheels 2 - Get'n Dirty" = Hot Wheels® Stunt Track Driver 2 - GET'N DIRTY™
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Imaginext Pirate Raider Demo" = Imaginext Pirate Raider Demo
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{C1983EC1-9919-4D3A-915C-79A3EE94D705}" = Backyard Hockey
"IsoBuster_is1" = IsoBuster 1.9.1
"Kidzui" = Kidzui
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Magic Ball 2" = Magic Ball 2
"Mayawaka" = Mayawaka
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Monopoly - SpongeBob SquarePants Edition" = Monopoly - SpongeBob SquarePants Edition
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSC" = McAfee SecurityCenter
"MSNINST" = MSN
"Neopets: Operation Kreludor" = Neopets: Operation Kreludor
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"Penguins' Journey" = Penguins' Journey
"Picasa 3" = Picasa 3
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealPlayer
"S3" = VIA/S3 Display Driver
"Snail Mail" = Snail Mail
"Snowy: The Bear's Adventures" = Snowy: The Bear's Adventures
"SpongeBob Atlantis SquareOff" = SpongeBob Atlantis SquareOff
"SpongeBob SquarePants Diner Dash 2" = SpongeBob SquarePants Diner Dash 2
"SpongeBob SquarePants Employee of the Month" = SpongeBob SquarePants Employee of the Month
"SpongeBob SquarePants Obstacle Odyssey 2" = SpongeBob SquarePants Obstacle Odyssey 2
"ssmwin32.exe" = Mission: T.H.I.N.K.
"Starcraft" = Starcraft
"Stunt Track Driver" = Stunt Track Driver
"Supercow" = Supercow
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Theme Park World" = SimTheme Park
"U.B. Funkeys" = U.B. Funkeys
"UnityWebPlayer" = Unity Web Player
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Warcraft II BNE" = Warcraft II BNE
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinZip" = WinZip
"World of Warcraft" = World of Warcraft
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Yumsters!" = Yumsters!

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for HP_Owner
"BitTorrent DNA" = DNA
"Free Realms Installer" = Free Realms Installer
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2010 6:46:54 PM | Computer Name = KATIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/21/2010 6:49:54 PM | Computer Name = KATIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/21/2010 6:49:54 PM | Computer Name = KATIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/21/2010 7:49:58 PM | Computer Name = KATIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/21/2010 7:49:58 PM | Computer Name = KATIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/21/2010 8:27:29 PM | Computer Name = KATIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module mshtml.dll, version 7.0.6000.16674, fault address 0x000a7804.

Error - 2/22/2010 4:43:39 PM | Computer Name = KATIE | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2010 5:19:13 PM | Computer Name = KATIE | Source = Application Hang | ID = 1001
Description = Fault bucket 54869149.

Error - 2/23/2010 3:31:53 PM | Computer Name = KATIE | Source = Application Hang | ID = 1002
Description = Hanging application RobloxApp.exe, version 0.22.0.21, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/23/2010 7:58:08 PM | Computer Name = KATIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16674, faulting
module unknown, version 0.0.0.0, fault address 0x05986a18.

[ System Events ]
Error - 2/22/2010 4:04:48 PM | Computer Name = KATIE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 2/23/2010 8:44:58 AM | Computer Name = KATIE | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 2/23/2010 8:45:28 AM | Computer Name = KATIE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 2/23/2010 8:47:53 AM | Computer Name = KATIE | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 2/23/2010 8:48:23 AM | Computer Name = KATIE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 2/23/2010 9:06:49 AM | Computer Name = KATIE | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 2/23/2010 9:07:19 AM | Computer Name = KATIE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 2/23/2010 9:20:09 AM | Computer Name = KATIE | Source = Service Control Manager | ID = 7034
Description = The SecuROM User Access Service (V7) service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/23/2010 11:31:00 AM | Computer Name = KATIE | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 2/23/2010 11:31:30 AM | Computer Name = KATIE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.


< End of report >
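
The event-viewer section of the report above repeats the same Service Control Manager 7024 / DCOM 10010 pair four times in a row. As an added example (not part of the thread and not OTL's own code), the script below parses event lines in the layout the report uses, counts them per source and event ID, and decructures the HRESULT quoted in the BITS message into its facility and code. The sample is a constructed excerpt that reuses lines from the report above.

```python
"""Summarize the event-viewer section of an OTL-style report: one header line
per event ('Error - <date> | Computer Name = ... | Source = ... | ID = ...'),
one or more 'Description = ...' continuation lines, then a blank line.
Added example code, not from the thread or from OTL.
"""
import re
from collections import Counter

# Constructed excerpt copied from the report quoted in the thread.
SAMPLE = """\
Error - 2/22/2010 4:04:48 PM | Computer Name = KATIE | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 2/23/2010 8:44:58 AM | Computer Name = KATIE | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

Error - 2/23/2010 8:45:28 AM | Computer Name = KATIE | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 2/23/2010 8:47:53 AM | Computer Name = KATIE | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error 2147942405 (0x80070005).

< End of report >
"""

HEADER_RE = re.compile(
    r"^(?P<level>\w+) - (?P<when>[\d/]+ [\d:]+ [AP]M) \| Computer Name = (?P<host>[^|]+?)"
    r" \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$"
)
HRESULT_RE = re.compile(r"\(0x([0-9A-Fa-f]{8})\)")

# HRESULT layout: bit 31 = failure, bits 16-26 = facility, bits 0-15 = code.
# Facility 7 is FACILITY_WIN32; Win32 error 5 is ERROR_ACCESS_DENIED.
FACILITY_WIN32 = 7
WIN32_NAMES = {5: "ERROR_ACCESS_DENIED"}


def parse_events(text):
    """Return one dict per event with its description joined into a single string."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends the current event
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
            continue
        if current is None:
            continue  # report chrome such as '< End of report >'
        if line.startswith("Description = "):
            line = line[len("Description = "):]
        current["description"] = (current["description"] + " " + line).strip()
    return events


def decode_hresult(value):
    """Split an HRESULT into (failed, facility, code); 0x80070005 -> (True, 7, 5)."""
    failed = bool(value & 0x80000000)
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    return failed, facility, code


def describe_hresult(value):
    """Readable form of an HRESULT; only the Win32 facility gets a name here."""
    failed, facility, code = decode_hresult(value)
    status = "failure" if failed else "success"
    if facility == FACILITY_WIN32:
        return "%s, FACILITY_WIN32 code %d (%s)" % (status, code, WIN32_NAMES.get(code, "unnamed"))
    return "%s, facility %d code %d" % (status, facility, code)


def summarize(text):
    """Count events per (source, id) and decode every HRESULT found in a description."""
    events = parse_events(text)
    counts = Counter((e["source"], e["id"]) for e in events)
    hresults = {}
    for e in events:
        for hex_str in HRESULT_RE.findall(e["description"]):
            value = int(hex_str, 16)
            hresults[value] = describe_hresult(value)
    return counts, hresults


if __name__ == "__main__":
    counts, hresults = summarize(SAMPLE)
    for (source, event_id), n in counts.most_common():
        print("%3d x  %s / %d" % (n, source, event_id))
    for value, meaning in hresults.items():
        print("0x%08X = %s" % (value, meaning))
```

Grouping turns a page of repeated entries into a handful of counted lines, which is what a responder wants when reading someone else's report. The HRESULT in the BITS entry decodes to the Win32 facility with code 5, ERROR_ACCESS_DENIED, which says the service stopped on an access-denied condition; the decode does not say what denied it, so it is a triage clue rather than a diagnosis.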


#9 FamilyGuy

FamilyGuy
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 23 February 2010 - 10:35 PM

After MWB installation, when it started up, I received an error dialog titled "Malwarebytes' Anti-Malware" that contained the red X icon and a message "An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team. Error code: 732 (12007, 0)". I clicked OK to get past it and the MWB start page came up. Same error when I tried the Update tab. I guess because the MWB site is down.

#10 FamilyGuy

FamilyGuy
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 23 February 2010 - 10:54 PM

MWB found and cleaned 8 things. Here's the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

2/23/2010 10:51:31 PM
mbam-log-2010-02-23 (22-51-31).txt

Scan type: Quick Scan
Objects scanned: 130272
Time elapsed: 11 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#11 FamilyGuy

FamilyGuy
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 23 February 2010 - 11:39 PM

I rebooted.

I'm still getting redirects to weird sites when I click on Google search result links (from both IE and Firefox). I can get to the actual result link by hitting the back button, or by looking at the back button pull-down list of links to see the one that was skipped over when it redirected me to the spam site.

I haven't seen any DLL pop-up messages yet - maybe that is fixed now?

McAfee security suite is presenting an error dialog on reboot or when I ask it to Update. It is telling me to reinstall it.

I tried a Windows Update and received an error "Internet Explorer cannot display the webpage" against the MS Windows update page "http://update.microsoft.com/microsoftupdate". Same with their security page. Perhaps something is on my system that is preventing loading of these pages?

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:41 AM

Posted 24 February 2010 - 03:23 PM

Hi,

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 FamilyGuy

FamilyGuy
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 25 February 2010 - 09:58 AM

It cleaned up something and asked for a reboot, after which the IE/FF redirects problem appears to be fixed.

TDSSKiller.txt:


09:31:50:812 1268 TDSS rootkit removing tool 2.2.7 Feb 25 2010 10:44:44
09:31:50:812 1268 ================================================================================
09:31:50:812 1268 SystemInfo:

09:31:50:812 1268 OS Version: 5.1.2600 ServicePack: 2.0
09:31:50:812 1268 Product type: Workstation
09:31:50:812 1268 ComputerName: KATIE
09:31:50:812 1268 UserName: HP_Owner
09:31:50:812 1268 Windows directory: C:\WINDOWS
09:31:50:812 1268 Processor architecture: Intel x86
09:31:50:812 1268 Number of processors: 1
09:31:50:812 1268 Page size: 0x1000
09:31:50:812 1268 Boot type: Normal boot
09:31:50:812 1268 ================================================================================
09:31:50:828 1268 UnloadDriverW: NtUnloadDriver error 2
09:31:50:828 1268 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
09:31:50:968 1268 Initialize success
09:31:50:968 1268
09:31:50:968 1268 Scanning Services ...
09:31:50:968 1268 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
09:31:50:968 1268 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
09:31:50:968 1268 wfopen_ex: Trying to KLMD file open
09:31:50:968 1268 wfopen_ex: File opened ok (Flags 2)
09:31:50:968 1268 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
09:31:50:968 1268 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
09:31:50:968 1268 wfopen_ex: Trying to KLMD file open
09:31:50:968 1268 wfopen_ex: File opened ok (Flags 2)
09:31:51:421 1268 GetAdvancedServicesInfo: Raw services enum returned 340 services
09:31:51:421 1268 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
09:31:51:421 1268 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
09:31:51:421 1268
09:31:51:421 1268 Scanning Kernel memory ...
09:31:51:421 1268 Devices to scan: 10
09:31:51:421 1268
09:31:51:421 1268 Driver Name: Disk
09:31:51:421 1268 IRP_MJ_CREATE : F763DC30
09:31:51:421 1268 IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE
09:31:51:421 1268 IRP_MJ_CLOSE : F763DC30
09:31:51:421 1268 IRP_MJ_READ : F7637D9B
09:31:51:421 1268 IRP_MJ_WRITE : F7637D9B
09:31:51:421 1268 IRP_MJ_QUERY_INFORMATION : 804FB8DE
09:31:51:421 1268 IRP_MJ_SET_INFORMATION : 804FB8DE
09:31:51:421 1268 IRP_MJ_QUERY_EA : 804FB8DE
09:31:51:421 1268 IRP_MJ_SET_EA : 804FB8DE
09:31:51:421 1268 IRP_MJ_FLUSH_BUFFERS : F7638366
09:31:51:421 1268 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE
09:31:51:421 1268 IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE
09:31:51:421 1268 IRP_MJ_DIRECTORY_CONTROL : 804FB8DE
09:31:51:421 1268 IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE
09:31:51:421 1268 IRP_MJ_DEVICE_CONTROL : F763844D
09:31:51:421 1268 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
09:31:51:421 1268 IRP_MJ_SHUTDOWN : F7638366
09:31:51:421 1268 IRP_MJ_LOCK_CONTROL : 804FB8DE
09:31:51:421 1268 IRP_MJ_CLEANUP : 804FB8DE
09:31:51:421 1268 IRP_MJ_CREATE_MAILSLOT : 804FB8DE
09:31:51:421 1268 IRP_MJ_QUERY_SECURITY : 804FB8DE
09:31:51:421 1268 IRP_MJ_SET_SECURITY : 804FB8DE
09:31:51:421 1268 IRP_MJ_POWER : F7639EF3
09:31:51:421 1268 IRP_MJ_SYSTEM_CONTROL : F763EA24
09:31:51:421 1268 IRP_MJ_DEVICE_CHANGE : 804FB8DE
09:31:51:421 1268 IRP_MJ_QUERY_QUOTA : 804FB8DE
09:31:51:421 1268 IRP_MJ_SET_QUOTA : 804FB8DE
09:31:51:421 1268 sion
09:31:51:437 1268 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
09:31:51:437 1268
09:31:51:437 1268 Driver Name: Disk
09:31:51:437 1268 IRP_MJ_CREATE : F763DC30
09:31:51:437 1268 IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE
09:31:51:437 1268 IRP_MJ_CLOSE : F763DC30
09:31:51:437 1268 IRP_MJ_READ : F7637D9B
09:31:51:437 1268 IRP_MJ_WRITE : F7637D9B
09:31:51:437 1268 IRP_MJ_QUERY_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_QUERY_EA : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_EA : 804FB8DE
09:31:51:437 1268 IRP_MJ_FLUSH_BUFFERS : F7638366
09:31:51:437 1268 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_DIRECTORY_CONTROL : 804FB8DE
09:31:51:437 1268 IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE
09:31:51:437 1268 IRP_MJ_DEVICE_CONTROL : F763844D
09:31:51:437 1268 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
09:31:51:437 1268 IRP_MJ_SHUTDOWN : F7638366
09:31:51:437 1268 IRP_MJ_LOCK_CONTROL : 804FB8DE
09:31:51:437 1268 IRP_MJ_CLEANUP : 804FB8DE
09:31:51:437 1268 IRP_MJ_CREATE_MAILSLOT : 804FB8DE
09:31:51:437 1268 IRP_MJ_QUERY_SECURITY : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_SECURITY : 804FB8DE
09:31:51:437 1268 IRP_MJ_POWER : F7639EF3
09:31:51:437 1268 IRP_MJ_SYSTEM_CONTROL : F763EA24
09:31:51:437 1268 IRP_MJ_DEVICE_CHANGE : 804FB8DE
09:31:51:437 1268 IRP_MJ_QUERY_QUOTA : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_QUOTA : 804FB8DE
09:31:51:437 1268 sion
09:31:51:437 1268 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
09:31:51:437 1268
09:31:51:437 1268 Driver Name: Disk
09:31:51:437 1268 IRP_MJ_CREATE : F763DC30
09:31:51:437 1268 IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE
09:31:51:437 1268 IRP_MJ_CLOSE : F763DC30
09:31:51:437 1268 IRP_MJ_READ : F7637D9B
09:31:51:437 1268 IRP_MJ_WRITE : F7637D9B
09:31:51:437 1268 IRP_MJ_QUERY_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_QUERY_EA : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_EA : 804FB8DE
09:31:51:437 1268 IRP_MJ_FLUSH_BUFFERS : F7638366
09:31:51:437 1268 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_DIRECTORY_CONTROL : 804FB8DE
09:31:51:437 1268 IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE
09:31:51:437 1268 IRP_MJ_DEVICE_CONTROL : F763844D
09:31:51:437 1268 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
09:31:51:437 1268 IRP_MJ_SHUTDOWN : F7638366
09:31:51:437 1268 IRP_MJ_LOCK_CONTROL : 804FB8DE
09:31:51:437 1268 IRP_MJ_CLEANUP : 804FB8DE
09:31:51:437 1268 IRP_MJ_CREATE_MAILSLOT : 804FB8DE
09:31:51:437 1268 IRP_MJ_QUERY_SECURITY : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_SECURITY : 804FB8DE
09:31:51:437 1268 IRP_MJ_POWER : F7639EF3
09:31:51:437 1268 IRP_MJ_SYSTEM_CONTROL : F763EA24
09:31:51:437 1268 IRP_MJ_DEVICE_CHANGE : 804FB8DE
09:31:51:437 1268 IRP_MJ_QUERY_QUOTA : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_QUOTA : 804FB8DE
09:31:51:437 1268 sion
09:31:51:437 1268 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
09:31:51:437 1268
09:31:51:437 1268 Driver Name: Disk
09:31:51:437 1268 IRP_MJ_CREATE : F763DC30
09:31:51:437 1268 IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE
09:31:51:437 1268 IRP_MJ_CLOSE : F763DC30
09:31:51:437 1268 IRP_MJ_READ : F7637D9B
09:31:51:437 1268 IRP_MJ_WRITE : F7637D9B
09:31:51:437 1268 IRP_MJ_QUERY_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_QUERY_EA : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_EA : 804FB8DE
09:31:51:437 1268 IRP_MJ_FLUSH_BUFFERS : F7638366
09:31:51:437 1268 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE
09:31:51:437 1268 IRP_MJ_DIRECTORY_CONTROL : 804FB8DE
09:31:51:437 1268 IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE
09:31:51:437 1268 IRP_MJ_DEVICE_CONTROL : F763844D
09:31:51:437 1268 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
09:31:51:437 1268 IRP_MJ_SHUTDOWN : F7638366
09:31:51:437 1268 IRP_MJ_LOCK_CONTROL : 804FB8DE
09:31:51:437 1268 IRP_MJ_CLEANUP : 804FB8DE
09:31:51:437 1268 IRP_MJ_CREATE_MAILSLOT : 804FB8DE
09:31:51:437 1268 IRP_MJ_QUERY_SECURITY : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_SECURITY : 804FB8DE
09:31:51:437 1268 IRP_MJ_POWER : F7639EF3
09:31:51:437 1268 IRP_MJ_SYSTEM_CONTROL : F763EA24
09:31:51:437 1268 IRP_MJ_DEVICE_CHANGE : 804FB8DE
09:31:51:437 1268 IRP_MJ_QUERY_QUOTA : 804FB8DE
09:31:51:437 1268 IRP_MJ_SET_QUOTA : 804FB8DE
09:31:51:437 1268 sion
09:31:51:453 1268 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
09:31:51:453 1268
09:31:51:453 1268 Driver Name: Disk
09:31:51:453 1268 IRP_MJ_CREATE : F763DC30
09:31:51:453 1268 IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE
09:31:51:453 1268 IRP_MJ_CLOSE : F763DC30
09:31:51:453 1268 IRP_MJ_READ : F7637D9B
09:31:51:453 1268 IRP_MJ_WRITE : F7637D9B
09:31:51:453 1268 IRP_MJ_QUERY_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_QUERY_EA : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_EA : 804FB8DE
09:31:51:453 1268 IRP_MJ_FLUSH_BUFFERS : F7638366
09:31:51:453 1268 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_DIRECTORY_CONTROL : 804FB8DE
09:31:51:453 1268 IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE
09:31:51:453 1268 IRP_MJ_DEVICE_CONTROL : F763844D
09:31:51:453 1268 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
09:31:51:453 1268 IRP_MJ_SHUTDOWN : F7638366
09:31:51:453 1268 IRP_MJ_LOCK_CONTROL : 804FB8DE
09:31:51:453 1268 IRP_MJ_CLEANUP : 804FB8DE
09:31:51:453 1268 IRP_MJ_CREATE_MAILSLOT : 804FB8DE
09:31:51:453 1268 IRP_MJ_QUERY_SECURITY : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_SECURITY : 804FB8DE
09:31:51:453 1268 IRP_MJ_POWER : F7639EF3
09:31:51:453 1268 IRP_MJ_SYSTEM_CONTROL : F763EA24
09:31:51:453 1268 IRP_MJ_DEVICE_CHANGE : 804FB8DE
09:31:51:453 1268 IRP_MJ_QUERY_QUOTA : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_QUOTA : 804FB8DE
09:31:51:453 1268 sion
09:31:51:453 1268 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
09:31:51:453 1268
09:31:51:453 1268 Driver Name: Disk
09:31:51:453 1268 IRP_MJ_CREATE : F763DC30
09:31:51:453 1268 IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE
09:31:51:453 1268 IRP_MJ_CLOSE : F763DC30
09:31:51:453 1268 IRP_MJ_READ : F7637D9B
09:31:51:453 1268 IRP_MJ_WRITE : F7637D9B
09:31:51:453 1268 IRP_MJ_QUERY_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_QUERY_EA : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_EA : 804FB8DE
09:31:51:453 1268 IRP_MJ_FLUSH_BUFFERS : F7638366
09:31:51:453 1268 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_DIRECTORY_CONTROL : 804FB8DE
09:31:51:453 1268 IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE
09:31:51:453 1268 IRP_MJ_DEVICE_CONTROL : F763844D
09:31:51:453 1268 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
09:31:51:453 1268 IRP_MJ_SHUTDOWN : F7638366
09:31:51:453 1268 IRP_MJ_LOCK_CONTROL : 804FB8DE
09:31:51:453 1268 IRP_MJ_CLEANUP : 804FB8DE
09:31:51:453 1268 IRP_MJ_CREATE_MAILSLOT : 804FB8DE
09:31:51:453 1268 IRP_MJ_QUERY_SECURITY : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_SECURITY : 804FB8DE
09:31:51:453 1268 IRP_MJ_POWER : F7639EF3
09:31:51:453 1268 IRP_MJ_SYSTEM_CONTROL : F763EA24
09:31:51:453 1268 IRP_MJ_DEVICE_CHANGE : 804FB8DE
09:31:51:453 1268 IRP_MJ_QUERY_QUOTA : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_QUOTA : 804FB8DE
09:31:51:453 1268 sion
09:31:51:453 1268 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
09:31:51:453 1268
09:31:51:453 1268 Driver Name: Disk
09:31:51:453 1268 IRP_MJ_CREATE : F763DC30
09:31:51:453 1268 IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE
09:31:51:453 1268 IRP_MJ_CLOSE : F763DC30
09:31:51:453 1268 IRP_MJ_READ : F7637D9B
09:31:51:453 1268 IRP_MJ_WRITE : F7637D9B
09:31:51:453 1268 IRP_MJ_QUERY_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_QUERY_EA : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_EA : 804FB8DE
09:31:51:453 1268 IRP_MJ_FLUSH_BUFFERS : F7638366
09:31:51:453 1268 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE
09:31:51:453 1268 IRP_MJ_DIRECTORY_CONTROL : 804FB8DE
09:31:51:453 1268 IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE
09:31:51:453 1268 IRP_MJ_DEVICE_CONTROL : F763844D
09:31:51:453 1268 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
09:31:51:453 1268 IRP_MJ_SHUTDOWN : F7638366
09:31:51:453 1268 IRP_MJ_LOCK_CONTROL : 804FB8DE
09:31:51:453 1268 IRP_MJ_CLEANUP : 804FB8DE
09:31:51:453 1268 IRP_MJ_CREATE_MAILSLOT : 804FB8DE
09:31:51:453 1268 IRP_MJ_QUERY_SECURITY : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_SECURITY : 804FB8DE
09:31:51:453 1268 IRP_MJ_POWER : F7639EF3
09:31:51:453 1268 IRP_MJ_SYSTEM_CONTROL : F763EA24
09:31:51:453 1268 IRP_MJ_DEVICE_CHANGE : 804FB8DE
09:31:51:453 1268 IRP_MJ_QUERY_QUOTA : 804FB8DE
09:31:51:453 1268 IRP_MJ_SET_QUOTA : 804FB8DE
09:31:51:453 1268 sion
09:31:51:453 1268 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
09:31:51:453 1268
09:31:51:453 1268 Driver Name: Disk
09:31:51:453 1268 IRP_MJ_CREATE : F763DC30
09:31:51:453 1268 IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE
09:31:51:453 1268 IRP_MJ_CLOSE : F763DC30
09:31:51:453 1268 IRP_MJ_READ : F7637D9B
09:31:51:453 1268 IRP_MJ_WRITE : F7637D9B
09:31:51:468 1268 IRP_MJ_QUERY_INFORMATION : 804FB8DE
09:31:51:468 1268 IRP_MJ_SET_INFORMATION : 804FB8DE
09:31:51:468 1268 IRP_MJ_QUERY_EA : 804FB8DE
09:31:51:468 1268 IRP_MJ_SET_EA : 804FB8DE
09:31:51:468 1268 IRP_MJ_FLUSH_BUFFERS : F7638366
09:31:51:468 1268 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE
09:31:51:468 1268 IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE
09:31:51:468 1268 IRP_MJ_DIRECTORY_CONTROL : 804FB8DE
09:31:51:468 1268 IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE
09:31:51:468 1268 IRP_MJ_DEVICE_CONTROL : F763844D
09:31:51:468 1268 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
09:31:51:468 1268 IRP_MJ_SHUTDOWN : F7638366
09:31:51:468 1268 IRP_MJ_LOCK_CONTROL : 804FB8DE
09:31:51:468 1268 IRP_MJ_CLEANUP : 804FB8DE
09:31:51:468 1268 IRP_MJ_CREATE_MAILSLOT : 804FB8DE
09:31:51:468 1268 IRP_MJ_QUERY_SECURITY : 804FB8DE
09:31:51:468 1268 IRP_MJ_SET_SECURITY : 804FB8DE
09:31:51:468 1268 IRP_MJ_POWER : F7639EF3
09:31:51:468 1268 IRP_MJ_SYSTEM_CONTROL : F763EA24
09:31:51:468 1268 IRP_MJ_DEVICE_CHANGE : 804FB8DE
09:31:51:468 1268 IRP_MJ_QUERY_QUOTA : 804FB8DE
09:31:51:468 1268 IRP_MJ_SET_QUOTA : 804FB8DE
09:31:51:468 1268 sion
09:31:51:468 1268 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
09:31:51:468 1268
09:31:51:468 1268 Driver Name: Disk
09:31:51:468 1268 IRP_MJ_CREATE : F763DC30
09:31:51:468 1268 IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE
09:31:51:468 1268 IRP_MJ_CLOSE : F763DC30
09:31:51:468 1268 IRP_MJ_READ : F7637D9B
09:31:51:468 1268 IRP_MJ_WRITE : F7637D9B
09:31:51:468 1268 IRP_MJ_QUERY_INFORMATION : 804FB8DE
09:31:51:468 1268 IRP_MJ_SET_INFORMATION : 804FB8DE
09:31:51:468 1268 IRP_MJ_QUERY_EA : 804FB8DE
09:31:51:468 1268 IRP_MJ_SET_EA : 804FB8DE
09:31:51:468 1268 IRP_MJ_FLUSH_BUFFERS : F7638366
09:31:51:468 1268 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FB8DE
09:31:51:468 1268 IRP_MJ_SET_VOLUME_INFORMATION : 804FB8DE
09:31:51:468 1268 IRP_MJ_DIRECTORY_CONTROL : 804FB8DE
09:31:51:468 1268 IRP_MJ_FILE_SYSTEM_CONTROL : 804FB8DE
09:31:51:468 1268 IRP_MJ_DEVICE_CONTROL : F763844D
09:31:51:468 1268 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BFC3
09:31:51:468 1268 IRP_MJ_SHUTDOWN : F7638366
09:31:51:468 1268 IRP_MJ_LOCK_CONTROL : 804FB8DE
09:31:51:468 1268 IRP_MJ_CLEANUP : 804FB8DE
09:31:51:468 1268 IRP_MJ_CREATE_MAILSLOT : 804FB8DE
09:31:51:468 1268 IRP_MJ_QUERY_SECURITY : 804FB8DE
09:31:51:468 1268 IRP_MJ_SET_SECURITY : 804FB8DE
09:31:51:468 1268 IRP_MJ_POWER : F7639EF3
09:31:51:468 1268 IRP_MJ_SYSTEM_CONTROL : F763EA24
09:31:51:468 1268 IRP_MJ_DEVICE_CHANGE : 804FB8DE
09:31:51:468 1268 IRP_MJ_QUERY_QUOTA : 804FB8DE
09:31:51:468 1268 IRP_MJ_SET_QUOTA : 804FB8DE
09:31:51:468 1268 sion
09:31:51:468 1268 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
09:31:51:468 1268
09:31:51:468 1268 Driver Name: atapi
09:31:51:468 1268 IRP_MJ_CREATE : F74AA9F2
09:31:51:468 1268 IRP_MJ_CREATE_NAMED_PIPE : F74AA9F2
09:31:51:468 1268 IRP_MJ_CLOSE : F74AA9F2
09:31:51:468 1268 IRP_MJ_READ : F74AA9F2
09:31:51:468 1268 IRP_MJ_WRITE : F74AA9F2
09:31:51:468 1268 IRP_MJ_QUERY_INFORMATION : F74AA9F2
09:31:51:468 1268 IRP_MJ_SET_INFORMATION : F74AA9F2
09:31:51:468 1268 IRP_MJ_QUERY_EA : F74AA9F2
09:31:51:468 1268 IRP_MJ_SET_EA : F74AA9F2
09:31:51:468 1268 IRP_MJ_FLUSH_BUFFERS : F74AA9F2
09:31:51:468 1268 IRP_MJ_QUERY_VOLUME_INFORMATION : F74AA9F2
09:31:51:468 1268 IRP_MJ_SET_VOLUME_INFORMATION : F74AA9F2
09:31:51:468 1268 IRP_MJ_DIRECTORY_CONTROL : F74AA9F2
09:31:51:468 1268 IRP_MJ_FILE_SYSTEM_CONTROL : F74AA9F2
09:31:51:468 1268 IRP_MJ_DEVICE_CONTROL : F74AA9F2
09:31:51:468 1268 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74AA9F2
09:31:51:468 1268 IRP_MJ_SHUTDOWN : F74AA9F2
09:31:51:468 1268 IRP_MJ_LOCK_CONTROL : F74AA9F2
09:31:51:468 1268 IRP_MJ_CLEANUP : F74AA9F2
09:31:51:468 1268 IRP_MJ_CREATE_MAILSLOT : F74AA9F2
09:31:51:468 1268 IRP_MJ_QUERY_SECURITY : F74AA9F2
09:31:51:468 1268 IRP_MJ_SET_SECURITY : F74AA9F2
09:31:51:468 1268 IRP_MJ_POWER : F74AA9F2
09:31:51:468 1268 IRP_MJ_SYSTEM_CONTROL : F74AA9F2
09:31:51:468 1268 IRP_MJ_DEVICE_CHANGE : F74AA9F2
09:31:51:468 1268 IRP_MJ_QUERY_QUOTA : F74AA9F2
09:31:51:468 1268 IRP_MJ_SET_QUOTA : F74AA9F2
09:31:51:484 1268 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
09:31:51:484 1268 TDL3_IrpHookDetect: New IrpHandler addr: 89B5A8C8
09:31:51:484 1268 ihd: 10, FFDF0308, 510, 134, 3, 120, 0
09:31:51:484 1268 Driver "atapi" Irp handler infected by TDSS rootkit ... 09:31:51:484 1268 cured
09:31:51:484 1268 siohd: 0
09:31:51:484 1268 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
09:31:51:484 1268 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 09:31:51:484 1268 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
09:31:51:484 1268 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
09:31:51:703 1268 vfvi6
09:31:51:796 1268 !dsvbh1
09:31:55:609 1268 dsvbh2
09:31:55:671 1268 fdfb2
09:31:55:671 1268 Backup copy found, using it..
09:31:55:734 1268 will be cured on next reboot
09:31:55:734 1268 Reboot required for cure complete..
09:31:55:859 1268 Cure on reboot scheduled successfully
09:31:55:859 1268
09:31:55:859 1268 Completed
09:31:55:859 1268
09:31:55:859 1268 Results:
09:31:55:859 1268 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
09:31:55:859 1268 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:31:55:859 1268 File objects infected / cured / cured on reboot: 1 / 0 / 1
09:31:55:875 1268
09:31:55:875 1268 UnloadDriverW: NtUnloadDriver error 1
09:31:55:875 1268 KLMD_Unload: UnloadDriverW(klmd21) error 1
09:31:55:875 1268 KLMD(ARK) unloaded successfully
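
The TDSSKiller.txt above is the file schrauber's instructions in #12 ask for, and the parts worth reading are the per-driver IRP dispatch tables, the hook target the tool resolved for atapi, the Verdict lines and the Results block. As an added example (not TDSSKiller's code and not from the thread), the parser below pulls those out of a constructed excerpt that reuses the timestamps, addresses and paths from the log above, trimmed to one Disk block and the atapi block.

```python
"""Parse a TDSSKiller log into per-driver records and the Results totals.
Added example code, not part of TDSSKiller or of the thread."""
import re

# Constructed excerpt in TDSSKiller's layout; values reused from the log quoted above.
SAMPLE = r"""
09:31:51:421 1268 Scanning Kernel memory ...
09:31:51:421 1268 Devices to scan: 10
09:31:51:421 1268
09:31:51:421 1268 Driver Name: Disk
09:31:51:421 1268 IRP_MJ_CREATE : F763DC30
09:31:51:421 1268 IRP_MJ_CREATE_NAMED_PIPE : 804FB8DE
09:31:51:421 1268 IRP_MJ_CLOSE : F763DC30
09:31:51:421 1268 IRP_MJ_READ : F7637D9B
09:31:51:421 1268 IRP_MJ_WRITE : F7637D9B
09:31:51:421 1268 sion
09:31:51:437 1268 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
09:31:51:437 1268
09:31:51:468 1268 Driver Name: atapi
09:31:51:468 1268 IRP_MJ_CREATE : F74AA9F2
09:31:51:468 1268 IRP_MJ_CREATE_NAMED_PIPE : F74AA9F2
09:31:51:468 1268 IRP_MJ_CLOSE : F74AA9F2
09:31:51:468 1268 IRP_MJ_READ : F74AA9F2
09:31:51:468 1268 IRP_MJ_WRITE : F74AA9F2
09:31:51:484 1268 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
09:31:51:484 1268 TDL3_IrpHookDetect: New IrpHandler addr: 89B5A8C8
09:31:51:484 1268 Driver "atapi" Irp handler infected by TDSS rootkit ... 09:31:51:484 1268 cured
09:31:51:484 1268 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
09:31:55:859 1268 Results:
09:31:55:859 1268 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
09:31:55:859 1268 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
09:31:55:859 1268 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# Every line starts with 'hh:mm:ss:ms <pid> '.
PREFIX = r"^\d{2}:\d{2}:\d{2}:\d{3} \d+ "
DRIVER_RE = re.compile(PREFIX + r"Driver Name: (\S+)\s*$")
IRP_RE = re.compile(PREFIX + r"(IRP_MJ_\w+) : ([0-9A-F]{8})\s*$")
HOOK_RE = re.compile(PREFIX + r"TDL3_IrpHookDetect: New IrpHandler addr: ([0-9A-F]{8})\s*$")
VERDICT_RE = re.compile(PREFIX + r"(.+?) - Verdict: (\w+)\s*$")
RESULT_RE = re.compile(
    PREFIX + r"(Memory|Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)\s*$"
)


def parse_tdsskiller(text):
    """Return (drivers, results).

    drivers: one dict per 'Driver Name:' block in log order, holding the IRP_MJ_*
             dispatch table, the resolved hook target (if any), the file and the verdict.
    results: {'Memory'|'Registry'|'File': (infected, cured, cured_on_reboot)}
    """
    drivers, results, current = [], {}, None
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            current = {"name": m.group(1), "irp": {}, "hook_target": None, "file": None, "verdict": None}
            drivers.append(current)
            continue
        m = RESULT_RE.match(line)
        if m:
            results[m.group(1)] = tuple(int(x) for x in m.group(2, 3, 4))
            continue
        if current is None:
            continue
        m = IRP_RE.match(line)
        if m:
            current["irp"][m.group(1)] = int(m.group(2), 16)
            continue
        m = HOOK_RE.match(line)
        if m:
            current["hook_target"] = int(m.group(1), 16)
            continue
        m = VERDICT_RE.match(line)
        if m:
            current["file"], current["verdict"] = m.group(1), m.group(2)
    return drivers, results


def infected_drivers(text):
    """(name, file) for every driver block whose verdict is anything other than Clean."""
    drivers, _ = parse_tdsskiller(text)
    return [(d["name"], d["file"]) for d in drivers if d["verdict"] and d["verdict"] != "Clean"]


def distinct_handlers(driver):
    """Number of distinct handler addresses in a driver's dispatch table."""
    return len(set(driver["irp"].values()))


def reboot_pending(text):
    """True when any object is still scheduled to be cured on reboot."""
    _, results = parse_tdsskiller(text)
    return any(on_reboot > 0 for (_, _, on_reboot) in results.values())


if __name__ == "__main__":
    for d, _ in [(d, None) for d in parse_tdsskiller(SAMPLE)[0]]:
        print("%-6s %-8s handlers=%d hook=%s" % (d["name"], d["verdict"], distinct_handlers(d),
                                                  "%08X" % d["hook_target"] if d["hook_target"] else "-"))
    print("infected:", infected_drivers(SAMPLE), "reboot pending:", reboot_pending(SAMPLE))
```

Every one of atapi's IRP_MJ_* entries pointing at the same address matches the stub TDSSKiller reported, but a single shared dispatch routine is also normal for some drivers, so distinct_handlers is a reading aid and the tool's Verdict lines remain the authority. reboot_pending returning True corresponds to the "Reboot required for cure complete" line and is why the tool asked for a reboot in #13; a log whose File line still shows a non-zero cured-on-reboot count after the restart would mean the cure did not complete.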


#14 FamilyGuy

FamilyGuy
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  • Local time:06:41 AM

Posted 25 February 2010 - 10:03 AM

Original issue of DLL pop-ups appears to be fixed. Thanks.

Original issue of Background Intelligent Transfer Service not starting continues to persist, preventing me from doing Windows Update.

New issue: At some point in the past few days, my McAfee SecurityCenter update function stopped working and now reports the following error:
"An error occurred while updating. Please reinstall these programs: McAfee Security Suite"



#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:41 AM

Posted 25 February 2010 - 02:36 PM

Hi,

Ok, please post back with a fresh OTL logfile.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



