
Numerous Infections


  • This topic is locked
29 replies to this topic

#1 DDGSnipe

DDGSnipe

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:24 AM

Posted 08 May 2010 - 06:47 PM

Background:

I received a badly infected computer from my son. He had fake AV and malware software on it and it was a mess. I installed Avast and Spybot and went to work. 7 viruses were eliminated right away as well as about 400 instances of malware. I ended up with a search hijacker and ended up here looking for a solution. I ran combofix and it appeared that the hijacker was removed. Then Avast started catching viruses again; to date it has removed 17. I ran combofix again and it found and deleted more stuff. The computer seems to work fine for a while, then gets hit again. I fear that I have another trojan hanging out somewhere. I followed the preparation guide and am attaching the log files. I will not run anything else until requested to do so. I can attach the combofix log if needed as well as provide the viruses found. Let me know if more info is required.

Please take a look and let me know if it is OK to give the computer back to my son. Thanks in advance.

DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by david at 14:12:21.90 on Sat 05/08/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.144 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\david\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://www.detailedshow.org/ac.php?aid=357&sid=new
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\common\ycomp5_1_6_0.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\common\ycomp5_1_6_0.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SBC Yahoo! Connection Manager] "c:\program files\sbc yahoo!\connection manager\ConnectionManager.exe"
mRun: [IPInSightMonitor 01] "c:\program files\sbc yahoo!\connection manager\ip insight\IPMon32.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\309731\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://download.yahoo.com/dl/installs/ymail/ymmapi.dll
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-2 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-2 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-2 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-2 40384]

=============== Created Last 30 ================

2010-05-08 21:11:08 0 ----a-w- c:\documents and settings\david\defogger_reenable
2010-05-08 15:42:52 0 d-----w- c:\docume~1\david\applic~1\Malwarebytes
2010-05-08 15:42:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 15:42:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-08 15:42:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 15:42:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 02:16:50 98816 ----a-w- c:\windows\sed.exe
2010-05-08 02:16:50 77312 ----a-w- c:\windows\MBR.exe
2010-05-08 02:16:50 256512 ----a-w- c:\windows\PEV.exe
2010-05-08 02:16:50 161792 ----a-w- c:\windows\SWREG.exe
2010-05-08 00:02:33 0 d-----w- c:\program files\Trend Micro
2010-05-06 22:07:51 0 d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-05-06 01:29:13 0 d-----w- c:\windows\system32\scripting
2010-05-06 01:29:12 0 d-----w- c:\windows\system32\bits
2010-05-06 01:29:12 0 d-----w- c:\windows\l2schemas
2010-05-06 01:21:21 0 d-----w- c:\windows\EHome
2010-05-05 03:34:01 0 d-sh--w- c:\documents and settings\david\PrivacIE
2010-05-05 03:32:37 0 d-sh--w- c:\documents and settings\david\IETldCache
2010-05-05 03:28:01 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-05 03:27:59 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-05 03:27:56 0 d-----w- c:\windows\ie8updates
2010-05-05 03:27:30 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-05-05 03:27:22 1355 ----a-w- c:\windows\imsins.BAK
2010-05-05 03:25:58 0 dc-h--w- c:\windows\ie8
2010-05-05 02:44:13 0 d-sh--w- c:\documents and settings\david\UserData
2010-05-04 00:15:15 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-04 00:15:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-05-03 01:53:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-03 01:05:06 0 d-----w- c:\program files\IObit
2010-05-03 01:05:06 0 d-----w- c:\docume~1\david\applic~1\IObit
2010-05-01 19:16:13 54156 ---ha-w- c:\windows\QTFont.qfn
2010-05-01 19:16:13 1409 ----a-w- c:\windows\QTFont.for

==================== Find3M ====================

2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-25 06:24:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 16:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-17 16:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys

============= FINISH: 14:13:12.84 ===============

Attached Files
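As an added illustration (not part of DDGSnipe's post and not a DDS feature), a small Python triage over lines in the shape of the Pseudo HJT Report above: it flags URL-bearing entries (ShellNext, search URLs, DPF downloads) whose host is not on an allow-list, and toolbar/BHO CLSIDs whose file is gone, the two things a helper looks at first when a search hijacker is suspected. The allow-list and the embedded sample lines are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed allow-list of hosts treated as expected on this machine.
# Assumption for the example; real triage looks up each unfamiliar host.
KNOWN_HOSTS = {"www.google.com", "java.sun.com", "download.yahoo.com", "photos.yahoo.com"}

# DDS writes URLs as hxxp:// so a pasted log cannot be clicked by accident;
# match that defanged scheme and capture only the host part.
URL_RE = re.compile(r"hxxps?://([^/\s]+)", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample in the shape of the DDS "Pseudo HJT Report" section.
SAMPLE_DDS = r"""
uInternet Connection Wizard,ShellNext = hxxp://www.detailedshow.org/ac.php?aid=357&sid=new
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
"""


@dataclass
class Finding:
    kind: str    # DDS record type, e.g. "uRun", "TB", "BHO", "DPF"
    line: str    # the raw log line, kept defanged
    reason: str  # why a helper should look at this entry


def line_kind(line: str) -> str:
    """Return the DDS record type: the text before the first ':' or ','."""
    m = re.match(r"([A-Za-z0-9 ]+?)[:,]", line)
    return m.group(1).strip() if m else ""


def triage_line(line: str) -> Optional[Finding]:
    """Classify one report line; None means nothing worth a second look."""
    kind = line_kind(line)
    if not kind:
        return None
    # A CLSID still registered as a toolbar/BHO but whose DLL is gone:
    # typical leftover of a removed add-on, harmless but worth cleaning.
    if line.rstrip().endswith("No File") and CLSID_RE.search(line):
        return Finding(kind, line, "registered CLSID points to a missing file")
    # URL-bearing entries: anything outside the allow-list is reviewed,
    # not assumed malicious; the helper decides after looking at the host.
    m = URL_RE.search(line)
    if m and m.group(1).lower() not in KNOWN_HOSTS:
        return Finding(kind, line, f"URL host {m.group(1)} not on allow-list")
    return None


def triage(report: str) -> List[Finding]:
    """Run triage_line over every line of a pasted DDS section."""
    return [f for f in (triage_line(ln) for ln in report.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```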





#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:06:24 PM

Posted 10 May 2010 - 04:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 DDGSnipe

DDGSnipe
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:24 AM

Posted 10 May 2010 - 07:16 PM

Thanks for the reply, Myrti. I re-read my original post and forgot to add a couple of things. I had run Malwarebytes and it found and quarantined NPMyWebS.dll (Adware.MyWebSearch) and PRAGMAc.dll.vir (Malware.Packer.Gen). Also, I had used Advanced SystemCare to clean up the registry and remove spyware. Below are the copies of the scans that you wanted me to run. Thanks for the help.

OTL.txt

OTL logfile created on: 5/10/2010 4:41:42 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = K:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 179.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.08 Gb Total Space | 105.69 Gb Free Space | 74.39% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.25 Gb Free Space | 18.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 3.74 Gb Total Space | 3.65 Gb Free Space | 97.73% Space Free | Partition Type: FAT32

Computer Name: YOUR-F78BF48CE2
Current User Name: david
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/10 16:36:26 | 000,570,880 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2010/05/06 13:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/29 14:54:52 | 002,343,120 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/09 02:18:10 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
PRC - [2005/05/06 00:15:23 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
PRC - [2005/05/05 23:35:32 | 000,241,772 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
PRC - [2005/05/05 23:35:32 | 000,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2005/02/16 16:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/10/25 14:17:56 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE
PRC - [2004/09/29 19:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003/07/14 12:55:01 | 001,028,096 | ---- | M] (SBC Yahoo!) -- C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe


========== Modules (SafeList) ==========

MOD - [2010/05/10 16:36:26 | 000,570,880 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/05/06 00:15:23 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\david\Local Settings\temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 13:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/09/09 04:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2004/09/29 19:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 13:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 13:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2005/01/19 17:21:56 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/10/15 14:52:48 | 000,071,168 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/29 10:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/12/02 18:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2001/08/23 12:00:00 | 000,022,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/06/04 06:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/05/08 13:41:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [SBC Yahoo! Connection Manager] C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe (SBC Yahoo!)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1369594582-2361589150-403224911-1010..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1369594582-2361589150-403224911-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (yucsetreg Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll (YahooYMailTo Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yahoo.com/dl/installs/yab_af.cab (YAddBook Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab (PhotosCtrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.104.100.3 206.105.213.4
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/06 00:47:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 05:26:23 | 000,000,309 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{989c452c-564f-11df-83e5-0011d8eaf74c}\Shell - "" = AutoRun
O33 - MountPoints2\{989c452c-564f-11df-83e5-0011d8eaf74c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{989c452c-564f-11df-83e5-0011d8eaf74c}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2007/10/23 00:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - Reg Error: Value error.
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/05/05 19:20:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/08 14:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\david\Desktop\gmer
[2010/05/08 13:56:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/08 13:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/08 08:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\david\Application Data\Malwarebytes
[2010/05/08 08:42:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/08 08:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/08 08:42:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/08 08:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/08 08:40:10 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\david\Desktop\mbam-setup-1.46.exe
[2010/05/07 19:16:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/07 19:16:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/07 19:16:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/07 19:16:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/07 19:16:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/07 19:16:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/07 17:02:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/06 15:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/05/05 19:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/05/05 19:00:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/05 18:29:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/05/05 18:29:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/05/05 18:29:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/05/05 18:21:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/05/05 18:21:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/05/04 20:34:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\david\PrivacIE
[2010/05/04 20:32:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\david\IETldCache
[2010/05/04 20:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/04 20:25:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/04 19:44:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\david\UserData
[2010/05/03 17:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\david\Application Data\Macromedia
[2010/05/03 17:22:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\david\Application Data\Adobe
[2010/05/03 17:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/03 17:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/02 18:53:51 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/02 18:53:51 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/02 18:53:50 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/02 18:53:49 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/02 18:53:47 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/02 18:53:47 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/02 18:53:47 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/02 18:53:33 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/02 18:53:33 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/02 18:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/02 18:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/02 18:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/05/02 18:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\david\Application Data\IObit
[2010/05/02 18:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\david\Application Data\U3
[2010/05/02 09:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\david\Local Settings\Application Data\Scansoft
[2005/12/22 22:56:18 | 000,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/10 16:35:43 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/05/10 16:35:08 | 000,000,187 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/05/10 16:30:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/10 16:30:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/10 16:30:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/10 16:30:19 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/08 20:35:49 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\david\NTUSER.DAT
[2010/05/08 20:35:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\david\ntuser.ini
[2010/05/08 20:35:43 | 011,260,352 | -H-- | M] () -- C:\Documents and Settings\david\Local Settings\Application Data\IconCache.db
[2010/05/08 14:11:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\david\defogger_reenable
[2010/05/08 14:09:08 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\david\Desktop\gmer.zip
[2010/05/08 14:08:36 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\david\Desktop\dds.scr
[2010/05/08 14:07:56 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\david\Desktop\Defogger.exe
[2010/05/08 13:42:17 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/08 13:41:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/08 13:30:04 | 003,684,271 | R--- | M] () -- C:\Documents and Settings\david\Desktop\ComboFix.exe
[2010/05/08 08:42:45 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/08 08:40:11 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\david\Desktop\mbam-setup-1.46.exe
[2010/05/07 19:43:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100508-083551.backup
[2010/05/07 17:02:33 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\david\Desktop\HijackThis.lnk
[2010/05/07 17:02:00 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\david\Desktop\My Computer.lnk
[2010/05/07 16:43:31 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/06 14:47:10 | 000,143,480 | ---- | M] () -- C:\Documents and Settings\david\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/06 13:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 13:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 13:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 13:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/05 20:03:02 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/05 19:01:59 | 000,441,690 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/05 19:01:59 | 000,381,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/05 19:01:59 | 000,053,436 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/05 19:00:35 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/05 18:59:41 | 000,413,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/05 18:25:37 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/03 21:54:22 | 000,006,550 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2010/05/03 17:15:35 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\david\Desktop\Spybot - Search & Destroy.lnk
[2010/05/02 18:53:52 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/02 18:05:10 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/05/01 12:16:13 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/14 09:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/08 14:11:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\david\defogger_reenable
[2010/05/08 14:10:29 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\david\Desktop\gmer.zip
[2010/05/08 14:10:27 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\david\Desktop\Defogger.exe
[2010/05/08 14:10:22 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\david\Desktop\dds.scr
[2010/05/08 08:42:45 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/07 19:16:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/07 19:16:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/07 19:16:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/07 19:16:50 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/07 19:16:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/07 19:15:49 | 003,684,271 | R--- | C] () -- C:\Documents and Settings\david\Desktop\ComboFix.exe
[2010/05/07 17:02:33 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\david\Desktop\HijackThis.lnk
[2010/05/07 17:02:00 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\david\Desktop\My Computer.lnk
[2010/05/04 20:27:22 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/03 17:15:35 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\david\Desktop\Spybot - Search & Destroy.lnk
[2010/05/02 18:53:52 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/02 18:05:10 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/05/01 12:16:13 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/05/01 12:16:13 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/12/07 20:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DIY.ini
[2009/04/22 17:20:33 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/07/31 16:48:03 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/07/11 19:59:43 | 000,001,150 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/27 21:23:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2006/04/02 11:08:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\PrintWorkShop2006.ini
[2005/12/22 22:56:16 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2005/07/28 10:54:58 | 000,006,550 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/07/28 10:51:25 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/07/17 17:16:13 | 000,010,481 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2005/07/17 17:15:54 | 000,000,516 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/05/06 00:50:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/06 00:46:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/06 00:46:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/06 00:46:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/06 00:46:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/06 00:46:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/06 00:46:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/06 00:14:08 | 000,014,553 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/05/06 00:14:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/05/06 00:13:39 | 000,002,154 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/05/06 00:10:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/05 23:44:43 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/05 23:30:31 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/05/05 23:28:33 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/05/05 23:28:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/05/05 23:28:06 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/02/18 10:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/19 22:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/19 22:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/15 21:38:00 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/14 12:30:28 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/04/10 22:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 22:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 12:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 08:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/05/05 18:21:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/05/05 18:21:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/05/05 18:21:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/05/05 18:21:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/05/05 18:21:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/05/05 18:21:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/01/26 13:45:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/26 13:45:52 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/26 13:45:52 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/06 13:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 13:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 13:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 13:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 13:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 13:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 13:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 06:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 05:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

Extras.txt

OTL Extras logfile created on: 5/10/2010 4:41:42 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = K:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.00 Mb Total Physical Memory | 179.00 Mb Available Physical Memory | 36.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.08 Gb Total Space | 105.69 Gb Free Space | 74.39% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.25 Gb Free Space | 18.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 3.74 Gb Total Space | 3.65 Gb Free Space | 97.73% Space Free | Partition Type: FAT32

Computer Name: YOUR-F78BF48CE2
Current User Name: david
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE" = C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe" = C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0E484A60-A429-49A8-982C-D6475F1E80A9}" = HPIZplus450
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236189C2-7507-11D4-950D-00609733D4AD}" = JamP3
"{24FBE9FC-6C0E-4221-AE41-55A40BEFE93F}" = CameraDrivers
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}" = HP Image Zone Plus 4.8.6
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7217DF28-4855-421F-8FD9-377F50E2B93D}" = Print Workshop 2006 LE
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{99F0545E-D93D-481D-8088-7F50FD76DE55}" = Scrapbooks Plus Workshop
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABA2B37F-AB88-486e-870A-52454A23FEE0}" = HP Photosmart Cameras 4.5
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBACCC0D-7B8B-4C3E-AA96-B6C64DCF19BB}" = LS_HSI
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations
"{FC10C922-52E9-4739-ACD0-EB0FF035EE7E}" = muvee autoProducer 4.0
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Age of Mythology 1.0" = Age of Mythology
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ATT-RemoteControl" = ATT-RemoteControl
"avast5" = avast! Free Antivirus
"BackWeb-309731 Uninstaller" = Updates from HP
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Chris Moneymakers World Poker Championship" = Chris Moneymakers World Poker Championship (remove only)
"Desktop Weather by The Weather Channel" = Desktop Weather by The Weather Channel
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"DIY_is1" = DIY
"Dune 2000" = Dune 2000
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Deskjet 3840 Series_Driver" = HP Deskjet 3840 Series
"HP Photo & Imaging" = HP Image Zone 4.8.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{BE20E2F5-1903-4AAE-B1AF-2046E586C925}" = iTunes
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money" = Remove Microsoft Money 2005 installer
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSNINST" = MSN
"MusicMatch Jukebox" = MusicMatch Jukebox
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quicken_NUE" = Remove Quicken New User Edition installer
"RealPlayer 6.0" = RealPlayer
"SBC Yahoo! Applications" = SBC Yahoo! Applications
"Smart Defrag_is1" = Smart Defrag
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WOLAPI" = Westwood Shared Internet Components

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2010 10:53:28 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/27/2010 10:53:29 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/27/2010 6:36:43 PM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 4/27/2010 6:36:44 PM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 4/30/2010 4:10:41 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Error | ID = 1000
Description = Faulting application hpbootop.exe, version 2.0.5.0, faulting module
hpbootop.exe, version 2.0.5.0, fault address 0x000164f4.

Error - 4/30/2010 4:24:50 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2010 3:18:10 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application sysmon64x.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/1/2010 5:53:41 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module shlwapi.dll, version 6.0.2900.3676, fault address 0x0002c428.

Error - 5/4/2010 11:28:25 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module urlmon.dll, version 6.0.2900.3676, fault address 0x0003df2f.

Error - 5/4/2010 11:29:35 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module urlmon.dll, version 6.0.2900.3676, fault address 0x0003df2f.

[ System Events ]
Error - 5/2/2010 9:53:36 PM | Computer Name = YOUR-F78BF48CE2 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 5/3/2010 10:34:41 PM | Computer Name = YOUR-F78BF48CE2 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 5/4/2010 11:19:09 PM | Computer Name = YOUR-F78BF48CE2 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 5/7/2010 10:17:05 PM | Computer Name = YOUR-F78BF48CE2 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 5/7/2010 10:17:31 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V4 service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/7/2010 10:22:17 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V4 service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/7/2010 10:37:01 PM | Computer Name = YOUR-F78BF48CE2 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_PRAGMASBCRPVCDBX\0000 disappeared from the
system without first being prepared for removal.

Error - 5/8/2010 4:25:14 PM | Computer Name = YOUR-F78BF48CE2 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/8/2010 4:25:31 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
fasttx2k

Error - 5/8/2010 4:33:20 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V4 service terminated unexpectedly.
It has done this 1 time(s).


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:06:24 PM

Posted 10 May 2010 - 07:59 PM

Hi,

can you please provide the logs from the combofix runs. They should be in C:\combofix.txt and C:\qoobox\combofix2.txt

How is the PC doing? The logs are looking pretty good.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 DDGSnipe

DDGSnipe
  • Topic Starter

  • Members
  • 15 posts
  • Local time:09:24 AM

Posted 10 May 2010 - 08:19 PM

Myrti:
The PC seems to be doing OK. It is pretty slow typing in this reply box but other than that I have not had any problems. I can get a few words typed before they show up on the screen. Don't know if that is related or not. Here are the combofix logs that you requested.

Combofix.txt
ComboFix 10-05-07.07 - david 05/08/2010 13:33:39.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.176 [GMT -7:00]
Running from: c:\documents and settings\david\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\david\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\david\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-08 15:42 . 2010-05-08 15:42 -------- d-----w- c:\documents and settings\david\Application Data\Malwarebytes
2010-05-08 15:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 15:42 . 2010-05-08 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-08 15:42 . 2010-05-08 15:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 15:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 00:02 . 2010-05-08 00:02 -------- d-----w- c:\program files\Trend Micro
2010-05-07 00:30 . 2010-05-07 00:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IObit
2010-05-07 00:26 . 2010-05-07 00:26 -------- d-sh--w- c:\documents and settings\eric\PrivacIE
2010-05-06 22:07 . 2010-05-06 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-06 02:00 . 2010-05-06 02:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-06 01:29 . 2010-05-06 01:29 -------- d-----w- c:\windows\system32\scripting
2010-05-06 01:29 . 2010-05-06 01:29 -------- d-----w- c:\windows\l2schemas
2010-05-06 01:29 . 2010-05-06 01:29 -------- d-----w- c:\windows\system32\bits
2010-05-06 01:21 . 2010-05-06 01:21 -------- d-----w- c:\windows\EHome
2010-05-05 03:42 . 2010-05-05 03:42 -------- d-----w- c:\documents and settings\eric\Local Settings\Application Data\Scansoft
2010-05-05 03:41 . 2010-05-05 03:41 -------- d-sh--w- c:\documents and settings\eric\IETldCache
2010-05-05 03:40 . 2010-05-05 03:40 -------- d-sh--w- c:\documents and settings\HP_Owner\PrivacIE
2010-05-05 03:38 . 2010-05-05 03:38 -------- d-sh--w- c:\documents and settings\HP_Owner\IETldCache
2010-05-05 03:34 . 2010-05-05 03:34 -------- d-sh--w- c:\documents and settings\david\PrivacIE
2010-05-05 03:33 . 2010-05-05 03:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-05 03:32 . 2010-05-05 03:32 -------- d-sh--w- c:\documents and settings\david\IETldCache
2010-05-05 03:28 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-05 03:27 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-05 03:27 . 2010-05-08 20:24 -------- d-----w- c:\windows\ie8updates
2010-05-05 03:27 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-05-05 03:25 . 2010-05-05 03:26 -------- dc-h--w- c:\windows\ie8
2010-05-05 02:55 . 2010-05-06 21:47 143480 ----a-w- c:\documents and settings\david\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-05 02:44 . 2010-05-05 02:44 -------- d-sh--w- c:\documents and settings\david\UserData
2010-05-04 00:15 . 2010-05-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-04 00:15 . 2010-05-04 00:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-03 01:53 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-03 01:53 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-03 01:53 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-03 01:53 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-03 01:53 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-03 01:53 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-03 01:53 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-03 01:53 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-03 01:53 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-03 01:53 . 2010-05-03 01:53 -------- d-----w- c:\program files\Alwil Software
2010-05-03 01:53 . 2010-05-03 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-03 01:05 . 2010-05-05 02:56 -------- d-----w- c:\documents and settings\david\Application Data\IObit
2010-05-03 01:05 . 2010-05-04 23:15 -------- d-----w- c:\program files\IObit
2010-05-03 01:03 . 2010-05-08 01:36 -------- d-----w- c:\documents and settings\david\Application Data\U3
2010-05-02 16:43 . 2010-05-02 16:43 -------- d-----w- c:\documents and settings\david\Local Settings\Application Data\Scansoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 00:26 . 2009-12-21 19:05 -------- d-----w- c:\program files\Sony Online Entertainment
2010-05-07 00:18 . 2005-09-01 01:20 143480 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 01:32 . 2005-01-27 05:13 83187 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-06 01:32 . 2010-05-06 01:32 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-05-06 01:32 . 2010-05-06 01:32 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-05-03 01:51 . 2005-05-06 07:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-03 01:51 . 2005-05-06 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-03 01:51 . 2005-05-06 07:35 -------- d-----w- c:\program files\Symantec
2010-05-03 01:44 . 2005-05-06 07:00 -------- d-----w- c:\program files\WildTangent
2010-04-25 23:01 . 2006-01-09 20:43 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AdobeUM
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2004-08-04 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 18:00 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"SBC Yahoo! Connection Manager"="c:\program files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [2003-07-14 1028096]
"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-06 180269]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-5-6 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YBrowser"=c:\program files\Yahoo!\browser\ybrwicon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2010 6:53 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2010 6:53 PM 19024]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2005-11-04 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-04 01:04]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.detailedshow.org/ac.php?aid=357&sid=new
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 13:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-08 13:49:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-08 20:49
ComboFix2.txt 2010-05-08 02:49

Pre-Run: 113,584,160,768 bytes free
Post-Run: 113,551,777,792 bytes free

- - End Of File - - 54197D233AD3C90A27D0A46B9947B489

Combofix2.txt
ComboFix 10-05-07.05 - david 05/07/2010 19:22:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.274 [GMT -7:00]
Running from: c:\documents and settings\david\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\fiosejgfse.dll
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\program files\Digital Protection
c:\windows\patch.exe
c:\windows\PRAGMAsbcrpvcdbx
c:\windows\PRAGMAsbcrpvcdbx\PRAGMAc.dll
c:\windows\PRAGMAsbcrpvcdbx\PRAGMAcfg.ini
c:\windows\system32\pragmabbr.dll
c:\windows\system32\pragmaserf.dll
c:\windows\system32\PRAGMAsrcr.dat
c:\windows\viassary-hp.reg
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PRAGMAsbcrpvcdbx
-------\Legacy_PRAGMAsbcrpvcdbx
-------\Legacy_MYWEBSEARCHSERVICE


((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-08 00:02 . 2010-05-08 00:02 -------- d-----w- c:\program files\Trend Micro
2010-05-07 00:30 . 2010-05-07 00:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IObit
2010-05-07 00:26 . 2010-05-07 00:26 -------- d-sh--w- c:\documents and settings\eric\PrivacIE
2010-05-06 22:07 . 2010-05-06 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-06 02:00 . 2010-05-06 02:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-06 01:29 . 2010-05-06 01:29 -------- d-----w- c:\windows\system32\scripting
2010-05-06 01:29 . 2010-05-06 01:29 -------- d-----w- c:\windows\l2schemas
2010-05-06 01:29 . 2010-05-06 01:29 -------- d-----w- c:\windows\system32\bits
2010-05-06 01:21 . 2010-05-06 01:21 -------- d-----w- c:\windows\EHome
2010-05-05 03:42 . 2010-05-05 03:42 -------- d-----w- c:\documents and settings\eric\Local Settings\Application Data\Scansoft
2010-05-05 03:41 . 2010-05-05 03:41 -------- d-sh--w- c:\documents and settings\eric\IETldCache
2010-05-05 03:40 . 2010-05-05 03:40 -------- d-sh--w- c:\documents and settings\HP_Owner\PrivacIE
2010-05-05 03:38 . 2010-05-05 03:38 -------- d-sh--w- c:\documents and settings\HP_Owner\IETldCache
2010-05-05 03:34 . 2010-05-05 03:34 -------- d-sh--w- c:\documents and settings\david\PrivacIE
2010-05-05 03:33 . 2010-05-05 03:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-05 03:32 . 2010-05-05 03:32 -------- d-sh--w- c:\documents and settings\david\IETldCache
2010-05-05 03:28 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-05 03:27 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-05 03:27 . 2010-05-05 03:27 -------- d-----w- c:\windows\ie8updates
2010-05-05 03:27 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-05-05 03:25 . 2010-05-05 03:26 -------- dc-h--w- c:\windows\ie8
2010-05-05 02:55 . 2010-05-06 21:47 143480 ----a-w- c:\documents and settings\david\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-05 02:44 . 2010-05-05 02:44 -------- d-sh--w- c:\documents and settings\david\UserData
2010-05-04 00:15 . 2010-05-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-04 00:15 . 2010-05-04 00:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-03 01:53 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-03 01:53 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-03 01:53 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-03 01:53 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-03 01:53 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-03 01:53 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-03 01:53 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-03 01:53 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-03 01:53 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-03 01:53 . 2010-05-03 01:53 -------- d-----w- c:\program files\Alwil Software
2010-05-03 01:53 . 2010-05-03 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-03 01:05 . 2010-05-05 02:56 -------- d-----w- c:\documents and settings\david\Application Data\IObit
2010-05-03 01:05 . 2010-05-04 23:15 -------- d-----w- c:\program files\IObit
2010-05-03 01:03 . 2010-05-08 01:36 -------- d-----w- c:\documents and settings\david\Application Data\U3
2010-05-02 16:43 . 2010-05-02 16:43 -------- d-----w- c:\documents and settings\david\Local Settings\Application Data\Scansoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 00:26 . 2009-12-21 19:05 -------- d-----w- c:\program files\Sony Online Entertainment
2010-05-07 00:18 . 2005-09-01 01:20 143480 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 01:32 . 2005-01-27 05:13 83187 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-06 01:32 . 2010-05-06 01:32 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2010-05-06 01:32 . 2010-05-06 01:32 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2010-05-03 01:51 . 2005-05-06 07:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-03 01:51 . 2005-05-06 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-03 01:51 . 2005-05-06 07:35 -------- d-----w- c:\program files\Symantec
2010-05-03 01:44 . 2005-05-06 07:00 -------- d-----w- c:\program files\WildTangent
2010-04-25 23:01 . 2006-01-09 20:43 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AdobeUM
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2004-08-04 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 18:00 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"SBC Yahoo! Connection Manager"="c:\program files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [2003-07-14 1028096]
"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-5-6 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YBrowser"=c:\program files\Yahoo!\browser\ybrwicon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2010 6:53 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2010 6:53 PM 19024]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2005-11-04 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-04 01:04]

2010-05-04 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-05-04 19:57]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.detailedshow.org/ac.php?aid=357&sid=new
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-07 19:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\WININET.dll
c:\docume~1\david\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-07 19:49:28 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-08 02:49

Pre-Run: 112,366,743,552 bytes free
Post-Run: 113,666,895,872 bytes free

- - End Of File - - 91966DF882C29F8590C09EA48D14353A


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 10 May 2010 - 11:17 PM

Hi,

That is actually looking rather good. I would like you to run an updated scan with ComboFix.

Your PC should not be slower than before the infection. Could you take a look at your task manager and tell me which program is using the most CPU?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#7 DDGSnipe

DDGSnipe
  • Topic Starter

  • Members
  • 15 posts

Posted 11 May 2010 - 06:52 PM

Myrti:

Nothing looks out of line in the task manager. System Idle Process is the majority of the CPU usage and right now I have a total usage of about 4%. I do not know how this computer usually runs since it is not mine. I do know that it is running significantly better than when I got into it a week ago. The typing seems a lot faster tonight vs. last night. I just ran ComboFix and it deleted a bunch of stuff out of the system32 directory. Maybe I still have something hanging on? Anyway, below is the log of a fresh run of ComboFix. Thanks.



ComboFix 10-05-10.05 - david 05/11/2010 16:21:55.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.179 [GMT -7:00]
Running from: c:\documents and settings\david\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\david\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\david\Local Settings\temp\IadHide5.dll
c:\windows\system32\igfxrara.lrc
c:\windows\system32\igfxrarb.lrc
c:\windows\system32\igfxrchs.lrc
c:\windows\system32\igfxrcht.lrc
c:\windows\system32\igfxrcsy.lrc
c:\windows\system32\igfxrdan.lrc
c:\windows\system32\igfxrdeu.lrc
c:\windows\system32\igfxrell.lrc
c:\windows\system32\igfxreng.lrc
c:\windows\system32\igfxrenu.lrc
c:\windows\system32\igfxresp.lrc
c:\windows\system32\igfxrfin.lrc
c:\windows\system32\igfxrfra.lrc
c:\windows\system32\igfxrfrc.lrc
c:\windows\system32\igfxrheb.lrc
c:\windows\system32\igfxrhun.lrc
c:\windows\system32\igfxrita.lrc
c:\windows\system32\igfxrjpn.lrc
c:\windows\system32\igfxrkor.lrc
c:\windows\system32\igfxrnld.lrc
c:\windows\system32\igfxrnor.lrc
c:\windows\system32\igfxrplk.lrc
c:\windows\system32\igfxrptb.lrc
c:\windows\system32\igfxrptg.lrc
c:\windows\system32\igfxrrus.lrc
c:\windows\system32\igfxrsve.lrc
c:\windows\system32\igfxrtha.lrc
c:\windows\system32\igfxrtrk.lrc

.
((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-08 15:42 . 2010-05-08 15:42 -------- d-----w- c:\documents and settings\david\Application Data\Malwarebytes
2010-05-08 15:42 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-08 15:42 . 2010-05-08 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-08 15:42 . 2010-05-08 15:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 15:42 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-08 00:02 . 2010-05-08 00:02 -------- d-----w- c:\program files\Trend Micro
2010-05-07 00:30 . 2010-05-07 00:31 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\IObit
2010-05-07 00:26 . 2010-05-07 00:26 -------- d-sh--w- c:\documents and settings\eric\PrivacIE
2010-05-06 22:07 . 2010-05-06 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-06 02:00 . 2010-05-06 02:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-06 01:29 . 2010-05-06 01:29 -------- d-----w- c:\windows\system32\scripting
2010-05-06 01:29 . 2010-05-06 01:29 -------- d-----w- c:\windows\l2schemas
2010-05-06 01:29 . 2010-05-06 01:29 -------- d-----w- c:\windows\system32\bits
2010-05-06 01:21 . 2010-05-06 01:21 -------- d-----w- c:\windows\EHome
2010-05-05 03:42 . 2010-05-05 03:42 -------- d-----w- c:\documents and settings\eric\Local Settings\Application Data\Scansoft
2010-05-05 03:41 . 2010-05-05 03:41 -------- d-sh--w- c:\documents and settings\eric\IETldCache
2010-05-05 03:40 . 2010-05-05 03:40 -------- d-sh--w- c:\documents and settings\HP_Owner\PrivacIE
2010-05-05 03:38 . 2010-05-05 03:38 -------- d-sh--w- c:\documents and settings\HP_Owner\IETldCache
2010-05-05 03:34 . 2010-05-05 03:34 -------- d-sh--w- c:\documents and settings\david\PrivacIE
2010-05-05 03:33 . 2010-05-05 03:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-05 03:32 . 2010-05-05 03:32 -------- d-sh--w- c:\documents and settings\david\IETldCache
2010-05-05 03:28 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-05 03:27 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-05 03:27 . 2010-05-08 20:24 -------- d-----w- c:\windows\ie8updates
2010-05-05 03:27 . 2010-02-16 04:50 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-05-05 03:25 . 2010-05-05 03:26 -------- dc-h--w- c:\windows\ie8
2010-05-05 02:55 . 2010-05-06 21:47 143480 ----a-w- c:\documents and settings\david\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-05 02:44 . 2010-05-05 02:44 -------- d-sh--w- c:\documents and settings\david\UserData
2010-05-04 00:15 . 2010-05-04 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-04 00:15 . 2010-05-04 00:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-03 01:53 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-03 01:53 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-03 01:53 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-03 01:53 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-03 01:53 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-03 01:53 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-03 01:53 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-03 01:53 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-03 01:53 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-03 01:53 . 2010-05-03 01:53 -------- d-----w- c:\program files\Alwil Software
2010-05-03 01:53 . 2010-05-03 01:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-03 01:05 . 2010-05-05 02:56 -------- d-----w- c:\documents and settings\david\Application Data\IObit
2010-05-03 01:05 . 2010-05-04 23:15 -------- d-----w- c:\program files\IObit
2010-05-03 01:03 . 2010-05-08 01:36 -------- d-----w- c:\documents and settings\david\Application Data\U3
2010-05-02 16:43 . 2010-05-02 16:43 -------- d-----w- c:\documents and settings\david\Local Settings\Application Data\Scansoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 00:26 . 2009-12-21 19:05 -------- d-----w- c:\program files\Sony Online Entertainment
2010-05-07 00:18 . 2005-09-01 01:20 143480 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-03 01:51 . 2005-05-06 07:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-03 01:51 . 2005-05-06 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-03 01:51 . 2005-05-06 07:35 -------- d-----w- c:\program files\Symantec
2010-05-03 01:44 . 2005-05-06 07:00 -------- d-----w- c:\program files\WildTangent
2010-04-25 23:01 . 2006-01-09 20:43 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AdobeUM
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:10 . 2004-08-04 12:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 18:00 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"SBC Yahoo! Connection Manager"="c:\program files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [2003-07-14 1028096]
"IPInSightMonitor 01"="c:\program files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 98304]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-06 180269]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-5-6 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YBrowser"=c:\program files\Yahoo!\browser\ybrwicon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/2/2010 6:53 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/2/2010 6:53 PM 19024]

--- Other Services/Drivers In Memory ---

*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder

2009-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2005-11-04 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-04 01:04]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.detailedshow.org/ac.php?aid=357&sid=new
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 16:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-11 16:39:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-11 23:39
ComboFix2.txt 2010-05-08 20:49
ComboFix3.txt 2010-05-08 02:49

Pre-Run: 113,376,063,488 bytes free
Post-Run: 113,343,426,560 bytes free

- - End Of File - - 4AC40ED8C361A6456AAFE1846AE79EB3


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 12 May 2010 - 07:48 AM

Hi,

ComboFix may have deleted some legit files. Could you please go to C:\qoobox and post the content of combofix-quarantined-files.txt.

regards myrti


 



#9 DDGSnipe

DDGSnipe
  • Topic Starter

  • Members
  • 15 posts

Posted 12 May 2010 - 10:50 AM

As requested, here is the combofix-quarantined-files.txt file...


2010-05-11 23:30:40 . 2005-05-06 07:15:23 24,613 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\david\LOCALS~1\temp\IadHide5.dll.vir
2010-05-08 02:43:18 . 2004-05-01 06:01:14 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2010-05-08 02:29:29 . 2010-05-08 02:29:29 892 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_MYWEBSEARCHSERVICE.reg.dat
2010-05-08 02:29:14 . 2010-05-11 23:26:54 7,989 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-05-08 02:17:35 . 2010-05-08 02:17:35 869 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_PRAGMAsbcrpvcdbx.reg.dat
2010-05-08 02:16:44 . 2010-05-11 23:18:22 306 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-04-30 20:18:20 . 2010-05-01 21:05:36 2,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\fiosejgfse.dll.vir
2010-04-30 19:26:39 . 2010-05-07 00:17:36 1,153 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll.vir
2010-04-30 19:26:28 . 2010-05-07 23:55:24 147 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\PRAGMAsrcr.dat.vir
2010-04-30 19:26:25 . 2010-04-30 19:26:26 93 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\PRAGMAsbcrpvcdbx\PRAGMAcfg.ini.vir
2010-04-30 19:25:36 . 2010-04-30 19:26:47 8 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Favorites\_favdata.dat.vir
2005-05-06 07:14:56 . 2010-05-05 03:38:27 3,645 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\viassary-hp.reg.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:20 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrptb.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:22 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrptg.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:22 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrrus.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:24 163,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrsve.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:24 163,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrtha.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:26 163,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrtrk.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:18 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrnld.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:18 163,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrnor.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:20 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrplk.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:12 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrhun.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:14 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrita.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:14 151,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrjpn.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:16 147,456 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrkor.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:08 163,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrfin.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:10 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrfra.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:10 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrfrc.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:12 159,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrheb.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:06 159,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxreng.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:30:38 163,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrenu.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:08 172,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxresp.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:02 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrcsy.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:04 163,840 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrdan.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:04 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrdeu.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:06 172,032 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrell.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:36:56 159,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrara.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:36:58 159,744 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrarb.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:00 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrchs.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:00 143,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrcht.lrc.vir
2003-07-14 19:30:27 . 2003-07-14 19:30:27 34,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\patch.exe.vir
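The helper's concern above, that ComboFix may have swept up legitimate files along with the malware, can be checked from the quarantine listing itself. The following is an added example (not part of the thread or of ComboFix) that parses lines in the posted format and separates files created inside the incident window from old batches of files that share one creation second, one directory and one name prefix, which is how an installed package looks rather than dropped malware; the incident start date and the reading of the first timestamp as the creation time are assumptions.

```python
"""Triage a ComboFix quarantine listing by creation timestamp.

Added example, not part of ComboFix or of the thread. A line of
combofix-quarantined-files.txt is read as
    <created> . <modified> <size> <attrs> <quarantine path>
(first timestamp assumed to be creation time, as in the log's "Files Created"
section). Files created inside the incident window are suspects; a batch of old
files sharing one creation second, one directory and one name prefix looks like
an installed package that the cleanup swept up and that may need restoring.
"""
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from os.path import commonprefix

# Sample input: a subset of the listing posted in the thread.
SAMPLE_LISTING = r"""
2010-05-11 23:30:40 . 2005-05-06 07:15:23 24,613 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\david\LOCALS~1\temp\IadHide5.dll.vir
2010-05-08 02:43:18 . 2004-05-01 06:01:14 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2010-04-30 20:18:20 . 2010-05-01 21:05:36 2,096 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\fiosejgfse.dll.vir
2010-04-30 19:26:39 . 2010-05-07 00:17:36 1,153 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll.vir
2010-04-30 19:26:28 . 2010-05-07 23:55:24 147 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\PRAGMAsrcr.dat.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:20 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrptb.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:22 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrptg.lrc.vir
2005-05-06 06:41:04 . 2005-01-23 17:37:22 167,936 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrrus.lrc.vir
2003-07-14 19:30:27 . 2003-07-14 19:30:27 34,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\patch.exe.vir
"""

# Incident window start is an assumption: the PC changed hands about a week
# before the 8 May post and the PRAGMA files date from 30 April.
INCIDENT_START = datetime(2010, 4, 25)
QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\"
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
LINE_RE = re.compile(rf"^({TS}) \. ({TS}) ([\d,]+) (\S{{8}}) (.+)$")

@dataclass
class QuarantineEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    quarantine_path: str

    @property
    def original_path(self):
        # C:\Qoobox\Quarantine\<drive>\...\name.vir  ->  <drive>:\...\name
        rest = self.quarantine_path
        if rest.lower().startswith(QUARANTINE_ROOT.lower()):
            rest = rest[len(QUARANTINE_ROOT):]
        if rest.lower().endswith(".vir"):
            rest = rest[:-4]
        if len(rest) > 2 and rest[0].isalpha() and rest[1] == "\\":
            rest = rest[0] + ":" + rest[1:]
        return rest

def parse_listing(text):
    """Parse listing lines; lines in another format (headers etc.) are skipped."""
    fmt = "%Y-%m-%d %H:%M:%S"
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(QuarantineEntry(datetime.strptime(created, fmt),
                                           datetime.strptime(modified, fmt),
                                           int(size.replace(",", "")), attrs, path))
    return entries

def looks_like_package_batch(group, min_prefix=4):
    """True when all files in the group share a directory and a name prefix."""
    dirs = {ntpath.dirname(e.original_path).lower() for e in group}
    names = [ntpath.basename(e.original_path).lower() for e in group]
    return len(dirs) == 1 and len(commonprefix(names)) >= min_prefix

def triage(entries, incident_start=INCIDENT_START, min_batch=3):
    """Sort entries into 'suspect', 'likely_legit_batch' and 'review' buckets."""
    by_created = defaultdict(list)
    for e in entries:
        by_created[e.created].append(e)
    buckets = {"suspect": [], "likely_legit_batch": [], "review": []}
    for e in entries:
        siblings = by_created[e.created]
        if e.created >= incident_start:
            # Created during the incident (or stamped at quarantine time): suspect.
            buckets["suspect"].append(e)
        elif len(siblings) >= min_batch and looks_like_package_batch(siblings):
            # Old, one creation second, one directory, one prefix: package footprint.
            buckets["likely_legit_batch"].append(e)
        else:
            buckets["review"].append(e)
    return buckets

if __name__ == "__main__":
    for bucket, hits in triage(parse_listing(SAMPLE_LISTING)).items():
        for e in hits:
            print(f"{bucket:18} {e.created:%Y-%m-%d} {e.size:>8} {e.original_path}")
```

On the sample, the three igfxr*.lrc entries land in the batch bucket, the PRAGMA, fiosejgfse, IadHide5 and Autorun.inf entries are suspects, and patch.exe is left for manual review; the buckets are a starting point for the restore decision, not a verdict.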


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 12 May 2010 - 11:42 AM

Open notepad and copy/paste the text in the codebox below into it:

CODE
@echo off
REM Add each quarantined file listed below to Files_for_submission.zip
REM (assumes a command-line zip.exe is available on the PATH).
for %%g in (
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrptb.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrptg.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrrus.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrsve.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrtha.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrtrk.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrnld.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrnor.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrplk.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrhun.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrita.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrjpn.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrkor.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrfin.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrfra.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrfrc.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrheb.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxreng.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrenu.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxresp.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrcsy.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrdan.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrdeu.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrell.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrara.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrarb.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrchs.lrc.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\igfxrcht.lrc.vir
) do zip Files_for_submission %%g
del %0

Save this as zip.bat
Choose to "Save type as - All Files"
Save it on your desktop.
It should look like this:
Double click on zip.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop. Please upload that file here --> http://www.bleepingcomputer.com/submit-malware.php?channel=4

Let me know if that worked.

regards myrti

Edited by myrti, 12 May 2010 - 11:43 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
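The packaging step from the batch above, as an added example that is not myrti's code or a BleepingComputer tool: it builds the same Files_for_submission.zip in Python (assumed to be installed), without relying on a `zip` command being on the PATH, reports any listed quarantine file that is not actually present instead of silently producing a short archive, and records a SHA-256 manifest inside the zip so the receiving analyst can verify what arrived. The paths are taken relative to the drive root (C:\ in the thread), and `make_sample_tree` is a constructed fixture so the code can be exercised on any system.

```python
import hashlib
import os
import tempfile
import zipfile
# Constructed sample: paths from the post, relative to C:\ so it runs anywhere.
QUARANTINE_FILES = [
    r"Qoobox\Quarantine\C\WINDOWS\system32\igfxrptb.lrc.vir",
    r"Qoobox\Quarantine\C\WINDOWS\system32\igfxrrus.lrc.vir",
    r"Qoobox\Quarantine\C\WINDOWS\patch.exe.vir",
]

def local_path(root, rel):
    # Map a Windows-style quarantine path onto the local filesystem.
    return os.path.join(root, *rel.split("\\"))

def sha256_of(path):
    # Stream the file so a large sample is not read into memory at once.
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_submission(root, rel_paths, out_zip):
    """Archive the quarantine files that exist; return (added, missing, digests),
    digests being the {path: sha256} also written to MANIFEST.sha256 in the zip."""
    added, missing, digests = [], [], {}
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as z:
        for rel in rel_paths:
            src = local_path(root, rel)
            if not os.path.isfile(src):
                missing.append(rel)  # report it, never silently skip it
                continue
            # Member name keeps the quarantine path: where each sample sat.
            z.write(src, arcname=rel.replace("\\", "/"))
            digests[rel] = sha256_of(src)
            added.append(rel)
        # The manifest lets the receiving analyst verify what arrived intact.
        lines = [f"{d}  {p}" for p, d in digests.items()]
        z.writestr("MANIFEST.sha256", "\n".join(lines) + "\n")
    return added, missing, digests

def make_sample_tree(present):
    # Constructed fixture: placeholder files standing in for the quarantine.
    root = tempfile.mkdtemp()
    for rel in present:
        p = local_path(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f: f.write(rel.encode())
    return root
```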


#11 DDGSnipe (Topic Starter, Members, 15 posts)

Posted 12 May 2010 - 01:21 PM

Myrti:

I created the batch file but it would not create the .zip file that you wanted. I can manually zip up those files if that would be easier.

#12 myrti (Malware Study Hall Admin, 33,779 posts)

Posted 12 May 2010 - 02:50 PM

Hi,

yes, please do so. I'm having no luck with this batch, even though it is working on my own PC.

Let me know once you have submitted them.

regards myrti



#13 DDGSnipe (Topic Starter, Members, 15 posts)

Posted 12 May 2010 - 03:17 PM

Myrti:

I zipped them up and submitted the file, at least I think I did. I did not get any sort of confirmation that the upload was completed successfully. Let me know if I need to re-submit. Thanks.

#14 myrti (Malware Study Hall Admin, 33,779 posts)

Posted 12 May 2010 - 04:29 PM

Hi,

I don't see it. Do you know how big the attachment was? Did you get an error message?

Could you please try to resubmit it here: http://www.bleepingcomputer.com/submit-mal...php?channel=100

You should see the following message:
QUOTE
Your file was successfully submitted. Please let the user helping you know that you have submitted the file.


Depending on how big the file is, this may take some time.

regards myrti



#15 DDGSnipe (Topic Starter, Members, 15 posts)

Posted 12 May 2010 - 04:56 PM

Myrti:

It is 1.24 MB. It should be there now. I got the message that I successfully submitted the file that time. On the previous attempt, I did not get an error, just a blank page.



