
win xp cannot open in safe mode


  • This topic is locked
9 replies to this topic

#1 spivuk

spivuk

  • Members
  • 4 posts

Posted 27 July 2010 - 07:18 PM

Hi, my computer has been getting chkdsk nags and Windows Firewall nags ("No firewall is in place") when my Norton says it is working fine. I tried SmitFraudFix and ran it in reg mode, but the computer won't open in safe mode anymore. On the advice of an IT manager I d/l ComboFix and read all the instructions and followed them exactly. I am including the log. Thanks for your help, Spiv.

ComboFix 10-07-26.04 - HP_Administrator 07/27/2010 18:09:29.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.330 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf
K:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))
.

2010-07-25 19:40 . 2010-07-25 19:40 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Yahoo
2010-07-25 19:40 . 2010-07-25 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-25 19:40 . 2010-07-25 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-07-14 13:59 . 2010-07-14 13:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-07-13 21:53 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-05 21:26 . 2010-07-11 06:17 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AskToolbar
2010-07-05 20:37 . 2010-07-05 20:37 -------- d-----w- c:\program files\Ask.com
2010-07-05 20:14 . 2010-07-05 20:14 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 23:14 . 2008-02-17 20:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\OpenOffice.org2
2010-07-26 11:08 . 2010-03-27 15:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\RayV
2010-07-25 19:40 . 2007-01-21 23:22 -------- d-----w- c:\program files\Yahoo!
2010-07-22 03:19 . 2008-04-27 19:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2010-07-13 15:39 . 2006-12-30 17:00 56 --sh--r- c:\windows\system32\76C82B36B8.sys
2010-07-13 15:39 . 2006-12-30 17:00 2724 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-07-05 20:37 . 2008-04-27 19:40 -------- d-----w- c:\program files\LimeWire
2010-07-05 20:15 . 2006-08-09 03:53 -------- d-----w- c:\program files\Common Files\Java
2010-07-05 20:13 . 2006-08-09 03:53 -------- d-----w- c:\program files\Java
2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-05 07:01 . 2009-04-20 16:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-05 04:17 . 2006-08-20 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-05 03:28 . 2006-08-20 20:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-05 03:08 . 2006-09-02 15:02 -------- d-----w- c:\program files\Lavasoft
2010-06-05 03:08 . 2010-05-12 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-19 22:44 . 2010-05-19 22:44 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-19 22:44 . 2010-05-19 22:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-17 02:55 . 2006-08-09 04:28 109592 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-12 17:20 . 2010-05-12 17:20 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-04 17:20 . 2004-08-10 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2004-08-10 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22 . 2004-08-10 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-05-17 03:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-05-17 03:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-28 16:11 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2001-12-20 204800]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"lxdumon.exe"="c:\program files\Lexmark 5600-6600 Series\lxdumon.exe" [2009-05-11 684712]
"lxduamon"="c:\program files\Lexmark 5600-6600 Series\lxduamon.exe" [2009-05-11 16040]
"Lexmark 5600-6600 Series Fax Server"="c:\program files\Lexmark 5600-6600 Series\fm3032.exe" [2009-05-11 311976]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2010-2-14 95232]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 06:19 77312 ------w- c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-30 04:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 01:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-01-25 02:15 7311360 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-01-25 02:15 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 09:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-08 11:54 16010240 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1107000.00C\symds.sys [5/24/2010 7:24 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1107000.00C\symefa.sys [5/24/2010 7:24 PM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [7/12/2010 7:56 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1107000.00C\cchpx86.sys [5/24/2010 7:24 PM 501888]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/12/2010 1:20 PM 95024]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1107000.00C\ironx86.sys [5/24/2010 7:24 PM 116784]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe [5/24/2010 7:24 PM 126392]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.3.263\SymcPCCULaunchSvc.exe [5/20/2010 3:29 PM 115056]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe [5/20/2010 3:29 PM 126392]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/1/2007 2:50 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 4:58 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100723.001\IDSXpx86.sys [7/23/2010 8:45 PM 331640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 8:17 PM 135664]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [1/4/2010 1:12 PM 98984]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [4/30/2010 7:23 PM 25728]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys --> c:\windows\system32\Drivers\usb2vcom.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:17]

2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:17]

2010-07-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-03-28 16:11]

2010-07-27 c:\windows\Tasks\User_Feed_Synchronization-{1A434549-38DE-4F3E-81EB-D78E867096C7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: aol.com\free
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
HKCU-Run-MtdAcqu - c:\program files\Creative\MediaSource5\MtdAcqu.exe
HKLM-Run-zzzHPSETUP - E:\Setup.exe
HKLM-Run-Verizon_McciTrayApp - c:\program files\Verizon\McciTrayApp.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-DISCover - c:\program files\DISC\DISCover.exe
MSConfigStartUp-DiscUpdateManager - c:\program files\DISC\DiscUpdMgr.exe
MSConfigStartUp-DMAScheduler - c:\program files\HP DigitalMedia Archive\DMAScheduler.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HPBootOp - c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
MSConfigStartUp-HPDJ Taskbar Utility - c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
MSConfigStartUp-HPHUPD08 - c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
MSConfigStartUp-TI WLAN - c:\program files\ZyXEL\G-302v2\G-302v2.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 19:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.3.263\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4816)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxducoms.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lexmark 5600-6600 Series\lxduMsdMon.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.BIN
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
.
**************************************************************************
.
Completion time: 2010-07-27 19:27:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-27 23:27

Pre-Run: 37,634,449,408 bytes free
Post-Run: 39,115,563,008 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 97D256DAF121F0F2A1A96BF5CC1702FC




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,612 posts
  • Gender:Female
  • Location:Romania

Posted 06 August 2010 - 05:17 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#3 spivuk


Posted 07 August 2010 - 02:37 PM

I tried running GMER. The first time it just hung up for over an hour and wouldn't close, causing me to restart. I deleted that file and d/l another GMER file from the same place; this time the computer shut itself down during the run. Restarted and tried again; it hung up for an hour, but did let me close it after a long while. I cannot open my rig in safe mode to run it that way. Thanks, Tim

#4 Elise


Posted 07 August 2010 - 02:48 PM

Try to run GMER with only the Sections option checked.

regards, Elise


#5 spivuk


Posted 07 August 2010 - 03:29 PM

Thanks for your help. Here is the GMER log which I ran with sections tagged only. Tim

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-07 16:13:32
Windows 5.1.2600 Service Pack 3
Running: 460fgvzu.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uxldapob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C00 8050449C 8 Bytes CALL 68D61E69
.text ntkrnlpa.exe!ZwCallbackReturn + 2C4C 805044E8 4 Bytes CALL CEF4CA9C
.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 4 Bytes CALL 3ED5AAF5
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF63F8360, 0x20574D, 0xE8000020]

---- EOF - GMER 1.0.15 ----


#6 Elise


Posted 08 August 2010 - 01:33 AM

Please post also the OTL logs together with a description of the problems you are still having.

regards, Elise


#7 spivuk


Posted 08 August 2010 - 09:50 AM

My main problem is that I cannot open in safe mode. Also, there is a Windows security alert balloon when I restart the computer saying no firewall is in place (Norton is working fine), and I get a nag saying such and such file is unreadable and corrupt, run chkdsk utility. Last time I did that the computer slowed way down and the nag just kept reoccurring; it happens whenever I try to clean the computer of viruses, including during ComboFix.

OTL logs and extras

OTL logfile created on: 8/7/2010 12:51:24 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 220.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.62 Gb Total Space | 35.08 Gb Free Space | 53.46% Space Free | Partition Type: NTFS
Drive D: | 8.89 Gb Total Space | 0.56 Gb Free Space | 6.26% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 698.64 Gb Total Space | 695.32 Gb Free Space | 99.53% Space Free | Partition Type: NTFS

Computer Name: DAD
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/07 00:50:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
PRC - [2010/07/21 16:50:08 | 000,115,056 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\SymcPCCULaunchSvc.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe
PRC - [2009/07/30 17:05:58 | 000,497,000 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2009/07/06 18:33:20 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2009/07/06 17:44:14 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009/07/06 17:43:44 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009/07/06 17:20:56 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009/07/06 17:20:32 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009/06/03 10:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009/05/27 15:46:52 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/05/11 13:02:50 | 000,684,712 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2009/05/11 13:02:48 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2009/04/14 13:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/12 11:18:06 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/23 08:58:34 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxducoms.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/13 19:51:24 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
PRC - [2007/11/13 19:49:22 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2007/06/25 13:53:35 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2001/12/20 02:59:00 | 000,204,800 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\iTouch\iTouch.exe


========== Modules (SafeList) ==========

MOD - [2010/08/07 00:50:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/07/21 16:50:08 | 000,115,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe -- (NAV)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/08/24 18:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.3.263\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/23 08:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/05/23 08:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usb2vcom.sys -- (usb2vcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/19 19:28:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100719.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/13 21:00:28 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100806.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 21:00:27 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100806.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 15:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100805.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/27 00:18:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 00:18:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/19 18:44:20 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/12 13:20:07 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/07/02 14:42:14 | 000,025,728 | ---- | M] (HTC1124 Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/05 12:04:34 | 000,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2007/06/17 14:54:55 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/03/08 16:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/24 22:15:00 | 003,535,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsx)
DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
DRV - [2001/12/19 05:42:00 | 000,067,694 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001/12/19 05:42:00 | 000,050,990 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/12/19 05:42:00 | 000,005,838 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001/12/17 05:42:00 | 000,010,496 | ---- | M] (Logitech Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\ [2010/05/25 17:35:58 | 000,000,000 | ---D | M]

[2009/12/24 20:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/03/31 20:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/03 21:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ectlgrl7.default\extensions
[2009/09/11 18:22:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ectlgrl7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/14 19:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ectlgrl7.default\extensions\firefox@tvunetworks.com
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/07/31 16:13:11 | 000,414,870 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14347 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O15 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..Trusted Domains: //@mail.mar@ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..Trusted Domains: //@mail.mar@/ ([]msn in Local intranet)
O15 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..Trusted Domains: //@signup.mar@ ([]msn in My Computer)
O15 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..Trusted Domains: //@signup.mar@/ ([]msn in My Computer)
O15 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2021832364-1964288491-3821631829-1007\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1170369746359 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Reg Error: Value error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/09 00:42:19 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/07 00:50:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/07/27 17:59:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/27 17:54:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/27 17:54:47 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/27 17:54:47 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/27 17:54:47 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/27 17:54:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/27 17:50:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/26 07:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix
[2010/07/25 15:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Yahoo
[2010/07/25 15:40:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/07/25 15:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/07/14 09:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/07/13 17:53:48 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/01/04 13:04:29 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDUhcp.dll
[2010/01/04 13:04:29 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduinpa.dll
[2010/01/04 13:04:29 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduiesc.dll
[2010/01/04 13:04:28 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduserv.dll
[2010/01/04 13:04:28 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduusb1.dll
[2010/01/04 13:04:28 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdupmui.dll
[2010/01/04 13:04:28 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdulmpm.dll
[2010/01/04 13:04:27 | 000,679,936 | ---- | C] ( ) -- C:\WINDOWS\System32\lxduhbn3.dll
[2010/01/04 13:04:26 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomc.dll
[2010/01/04 13:04:26 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxducomm.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/07 00:55:00 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1A434549-38DE-4F3E-81EB-D78E867096C7}.job
[2010/08/07 00:52:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/08/07 00:50:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2010/08/07 00:45:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/07 00:44:11 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/08/07 00:44:05 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/07 00:43:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/07 00:43:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/07 00:42:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/07 00:42:42 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/07 00:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/07 00:01:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/04 03:21:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/08/04 03:21:05 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\NTUSER.DAT
[2010/07/31 16:18:21 | 000,064,015 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\llewpartial.MMSW
[2010/07/31 16:18:14 | 000,064,015 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\llewpartial.TMB
[2010/07/31 16:13:11 | 000,414,870 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/29 07:36:15 | 000,015,510 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Tim%20Marks%20%20%20%20%20%20%20%20%209357%20Ourtime%20Lane%20Columbia%20MD%2021045.doc_0.odt
[2010/07/28 14:35:57 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tim Marks 9357 Ourtime Lane Columbia MD 21045.doc
[2010/07/28 12:08:33 | 000,002,724 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/07/28 12:08:33 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\76C82B36B8.sys
[2010/07/27 19:16:00 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/27 19:14:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100731-161311.backup
[2010/07/27 18:00:02 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/07/27 17:53:50 | 003,745,790 | R--- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/26 07:10:18 | 001,872,472 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix.exe
[2010/07/23 00:50:34 | 002,205,544 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\IconCache.db
[2010/07/20 23:26:50 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 23:14:17 | 000,064,013 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\llewpartial[1].TMB
[2010/07/19 23:12:21 | 000,063,988 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\llewpartial.BK
[2010/07/19 23:07:47 | 000,064,010 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\noname0.TBK
[2010/07/18 16:49:54 | 000,194,937 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\judas.TMB
[2010/07/18 14:41:19 | 000,028,363 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\noname2.TMB
[2010/07/15 03:03:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/14 22:47:16 | 000,002,099 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Movie Magic Screenwriter 6.lnk
[2010/07/14 15:38:00 | 000,063,960 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\llewelyn.TMB
[2010/07/13 11:48:18 | 000,130,564 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\emurevised.jpg
[2010/07/13 11:46:50 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Montgomery Refinishing8111 Cessna Ave Unit EGaithersburg MD 20879Hi.doc
[2010/07/12 19:18:03 | 000,349,006 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\printresume.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/31 16:18:14 | 000,064,015 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\llewpartial.TMB
[2010/07/29 12:09:03 | 000,015,510 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Tim%20Marks%20%20%20%20%20%20%20%20%209357%20Ourtime%20Lane%20Columbia%20MD%2021045.doc_0.odt
[2010/07/28 14:35:57 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Tim Marks 9357 Ourtime Lane Columbia MD 21045.doc
[2010/07/27 17:54:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/27 17:54:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/27 17:54:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/27 17:54:47 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/27 17:54:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/27 17:53:15 | 003,745,790 | R--- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
[2010/07/26 07:09:53 | 001,872,472 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SmitfraudFix.exe
[2010/07/23 00:52:23 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/19 23:14:17 | 000,064,013 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\llewpartial[1].TMB
[2010/07/19 23:12:20 | 000,064,015 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\llewpartial.MMSW
[2010/07/19 23:12:20 | 000,063,988 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\llewpartial.BK
[2010/07/18 16:49:54 | 000,194,937 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\judas.TMB
[2010/07/13 11:47:59 | 000,130,564 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\emurevised.jpg
[2010/07/13 11:46:47 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Montgomery Refinishing8111 Cessna Ave Unit EGaithersburg MD 20879Hi.doc
[2010/07/12 19:08:18 | 000,349,006 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\printresume.jpg
[2010/07/08 09:04:33 | 000,063,960 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\llewelyn.TMB
[2010/05/12 12:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2010/01/04 13:12:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxduvs.dll
[2010/01/04 13:12:47 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxducoin.dll
[2010/01/04 13:10:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxducaps.dll
[2010/01/04 13:10:49 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdudrs.dll
[2010/01/04 13:10:49 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxducnv4.dll
[2010/01/04 13:09:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDUPMON.DLL
[2010/01/04 13:09:37 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDUFXPU.DLL
[2010/01/04 13:09:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxduoem.dll
[2010/01/04 13:05:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdurwrd.ini
[2010/01/04 13:04:29 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDUinst.dll
[2010/01/04 13:04:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdugrd.dll
[2009/05/04 15:03:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2009/05/04 14:53:28 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2009/05/04 14:53:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/12/13 13:55:26 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2007/08/16 06:48:14 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/07/02 10:38:15 | 000,000,364 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/06/24 20:25:11 | 000,000,132 | ---- | C] () -- C:\WINDOWS\STW-PDF.INI
[2007/04/22 18:21:40 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2007/04/22 18:21:40 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2006/12/30 13:00:13 | 000,002,724 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/30 13:00:13 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\76C82B36B8.sys
[2006/12/28 17:04:03 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\TnetWCoInst.dll
[2006/10/22 21:26:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
[2006/09/06 21:44:13 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/09/06 21:41:52 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/30 15:32:30 | 000,010,030 | ---- | C] () -- C:\WINDOWS\SCWRITER.INI
[2006/08/16 22:52:00 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2006/08/16 09:38:56 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2006/08/15 20:52:38 | 000,000,420 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2006/08/15 20:52:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Pf_setup.ini
[2006/08/09 01:12:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/09 00:51:10 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/09 00:46:00 | 000,014,316 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/09 00:45:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/09 00:42:35 | 000,000,174 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/09 00:38:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/09 00:30:11 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/09 00:29:31 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/09 00:10:59 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/09 00:07:58 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/09 00:07:58 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/09 00:07:57 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/09 00:07:57 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/09 00:07:57 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/09 00:07:57 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/09 00:07:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/09 00:06:33 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/08 23:45:17 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/07/07 01:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 1320 bytes -> C:\Program Files\Outlook Express:cCUNpwPG4MqBaawlG2Sv1KP
@Alternate Data Stream - 1273 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:DyoXsa41jBhFjrKGClnKNfpG
@Alternate Data Stream - 1233 bytes -> C:\Program Files\Common Files\System:m9EXEdMmPx5pns6SpOqxBKFfgGY
@Alternate Data Stream - 1194 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:VRQFt9XgSvowyXa43NyymE51S6T0
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 1092 bytes -> C:\Program Files\Outlook Express:7eGER9fAjPoBKRVNVLFn
< End of report >

OTL Extras logfile created on: 8/7/2010 12:51:24 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 220.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 65.62 Gb Total Space | 35.08 Gb Free Space | 53.46% Space Free | Partition Type: NTFS
Drive D: | 8.89 Gb Total Space | 0.56 Gb Free Space | 6.26% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 698.64 Gb Total Space | 695.32 Gb Free Space | 99.53% Space Free | Partition Type: NTFS

Computer Name: DAD
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\WINDOWS\system32\lxducoms.exe" = C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server -- ( )
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19FDB8E4-59AD-4330-9667-E8DCAF018DD3}" = Unload
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2F29D6D2-824E-4FEF-8AED-7013F39F642A}" = OpenOffice.org 2.3
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39940ED0-EAA2-012B-ADF1-000000000000}" = TurboTax 2009 wmdiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.42 .1
"{595ED82D-446E-4C0B-B327-216AE31E9471}" = TurboTax 2008 wmdiper
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{94F6AE6D-3339-4FC9-9BD2-C6B82D975DBF}" = HTC Sync
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech User's Guide
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC10C616-22E5-40AD-A3EA-3E7A957ECDC7}" = Movie Magic Screenwriter 6
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E33956B7-301C-429D-9E6C-2C12EACB8A62}" = NWZ-E340 WALKMAN Guide
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Auto Care" = Auto Care
"AwayMode160" = Microsoft Away Mode
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"LimeWire" = LimeWire 5.5.10
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NAV" = Norton AntiVirus
"Netscape Browser" = Netscape Browser (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonPCCheckup" = Norton PC Checkup
"NVIDIA Drivers" = NVIDIA Drivers
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/31/2010 12:56:00 AM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2010 12:56:04 AM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2010 12:56:44 AM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2010 12:57:09 AM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2010 12:57:37 AM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2010 12:57:45 AM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2010 12:58:20 AM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2010 12:58:38 AM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/31/2010 12:58:39 AM | Computer Name = DAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17055, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/1/2010 1:22:59 AM | Computer Name = DAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 8/5/2010 11:03:45 PM | Computer Name = DAD | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 8/5/2010 11:03:45 PM | Computer Name = DAD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService
service to connect.

Error - 8/5/2010 11:03:45 PM | Computer Name = DAD | Source = Service Control Manager | ID = 7000
Description = The lxduCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 8/5/2010 11:03:45 PM | Computer Name = DAD | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/6/2010 11:16:14 PM | Computer Name = DAD | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}.
The
error: "%1450" Happened while starting this command: "C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe"
-Embedding

Error - 8/6/2010 11:46:22 PM | Computer Name = DAD | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}.
The
error: "%1450" Happened while starting this command: "C:\Program Files\Yahoo!\Companion\Installs\cpn\ytbb.exe"
-Embedding

Error - 8/7/2010 12:44:07 AM | Computer Name = DAD | Source = Service Control Manager | ID = 7000
Description = The Zune Bus Enumerator Driver service failed to start due to the
following error: %%2

Error - 8/7/2010 12:44:07 AM | Computer Name = DAD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxduCATSCustConnectService
service to connect.

Error - 8/7/2010 12:44:07 AM | Computer Name = DAD | Source = Service Control Manager | ID = 7000
Description = The lxduCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 8/7/2010 12:44:07 AM | Computer Name = DAD | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >



#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,612 posts
  • Gender:Female
  • Location:Romania
  • Local time:01:08 AM

Posted 08 August 2010 - 11:27 AM

Let's see what we can do about that.

First of all, see if the following gets safe mode working.

Please download SafeBootKeyRepair.exe by sUBs to repair Safe Mode.

http://download.bleepingcomputer.com/sUBs/...otKeyRepair.exe

To run SafeBootKeyRepair.exe:
1. Close all programs/windows so that you have nothing open and are at your Desktop.
2. Double-click the SafeBootKeyRepair.exe file.
When finished, it shall produce a log for you.
3. Post the entire contents of C:\SafeBoot_Repair.txt in your next reply.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#9 Elise


Posted 16 August 2010 - 06:32 AM

Hello, are you still there?

regards, Elise




#10 Elise


Posted 30 August 2010 - 08:24 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






