Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google re-directs - explorer doesn't load properly


  • This topic is locked This topic is locked
28 replies to this topic

#1 MPD1981

MPD1981

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 02 November 2010 - 05:20 PM

About 4 days ago, I got notifications that my computer was infected with malware. I ran MalwareBytes Anti-Malware and the first scan showed about 54 infected files. I was able to remove about 50 of them and did several more scans until I got zero infected files.

Whenever I start my computer and Windows loads, I see the hourglass icon on the taskbar and start menu and the clock freezes to whatever time Windows loaded at. I am able to load Firefox, but it is very slow and I am unable to open more than one tab at a time. If I am able to go to Google, if I search for something and click on a link, I am re-directed to a completely different site. (I've seen "GimmeAnswers")

I ran SpyBot Search and Destroy last night and that removed a few things, but nothing out of the ordinary (at least in my opinion).

Last night, I removed Avast and replaced it with AVG. Windows still does not load properly.

I have attempted to run DDS in both normal and safe modes, but I have not had any success. The scan does not complete and I do not receive a log. I was able to run HiJackThis. Forgive me if I have made a mistake in posting the log...I'm in Safe Mode and the resolution is frustrating.

Any help would be appreciated! This is driving me crazy. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:42 PM, on 11/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\imapi.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Local Settings\Temp\1E.tmp\mbr.dat
C:\Program Files\AVG\AVG10\avgmfapx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bostondirtdogs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [NexusServer] "C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14054 bytes

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:55 AM

Posted 09 November 2010 - 08:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 MPD1981

MPD1981
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 09 November 2010 - 10:48 AM

Hi myrti,

Thanks for getting back to me. Since my initial post, I have done the following (as far as I can remember):
I removed both Avast and AVG and did a scan using TDSSKiller. TDSS Killer found a rootkit called, "kungsfodjvagoh," which I ended up deleting. Since I did that, I was finally able to run DDS successfully. I also updated Adobe Reader and Java. Since then, the computer starts up, but I'm still seeing the hourglass icon and I am unable to access the start menu and task bar. However, once I run Spybot Search and Destroy, the computer works fine. The only problem is, that takes at least 30 minutes, so it's not ideal.

I am currently not near the infected computer, but I will be later on today. With the new information that I provided, should I still run OTL? Should I run DDS as well?

Thank you for your help!

#4 MPD1981

MPD1981
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 09 November 2010 - 04:44 PM

OTL Extras logfile created on: 11/9/2010 4:19:17 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.54 Gb Total Space | 98.22 Gb Free Space | 43.55% Space Free | Partition Type: NTFS
Drive D: | 7.32 Gb Total Space | 1.89 Gb Free Space | 25.76% Space Free | Partition Type: FAT32
Drive G: | 3.68 Gb Total Space | 2.84 Gb Free Space | 77.29% Space Free | Partition Type: FAT

Computer Name: DESKTOP | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3941964929-2857889352-1164583865-1009\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\1154672429\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1154672429\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1154672429\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1154672429\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Alwil Software\Avast4\ashAvast.exe" = C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0100B677-700A-44B1-B9E0-9180C215ECE0}" = Avid Xpress Pro HD
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{07070EAB-9349-4F6C-AC13-AEFE436F9775}" = D-link AirPlus G DWL-G120 Wireless USB Adapter
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}" = HP Image Zone Plus 4.2.3
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7
"{1CF7A444-BEDA-4980-B493-01528F888A8A}" = 21_22_Trb
"{1E168EEC-F2F2-4147-9AFE-8679A8D8EF9F}" = Avid DIO Runtime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{30C94E64-E4D5-4173-BD01-BCF66FDB82CB}" = 2170
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6
"{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
"{547D4265-AF45-42E9-A62A-C58182AA35B9}" = Sentinel Protection Installer 7.0.0
"{561A9B4E-2E48-4149-B977-59C7AFF62B52}" = HPIZ423
"{578596FF-7F65-4767-9F90-37920741148C}" = MSN Toolbar Platform
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5FAB6A66-2DAC-11D4-8524-00C04F602FD3}" = Adobe After Effects 5.0
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A70D9E8-C51B-4196-BD1F-137E6EF6AEBB}" = Canopus ProCoder 2
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{70029AF8-9C89-4170-A642-78DC5E2703F1}" = 2170Tour
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746EC26B-9A80-4FD5-9861-545E0CD2A795}" = Mega Manager
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C8C9A65-10AE-4EDD-B4F9-6654E1313113}" = 2170_Help
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.0
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD
"{B28759B8-5FC6-4F56-9C6C-6EDAD36455A9}" = Roxio Media Manager
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D2A15B99-B6AC-4B2C-B953-FFC01042ECA3}" = Sonic DVDit!
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EC6EDCB1-2379-482F-9A93-293DFF7B1226}" = WalkerFX 2.2 Professional Edition
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE64A793-CD35-4950-B878-C9D1A4AC9ECC}" = Avid Codecs LE
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Premiere 6.0" = Adobe Premiere 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AIM Gadgets 2.8" = AIM Gadgets 2.8
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Audio Record Wizard_is1" = Audio Record Wizard v3.95
"BackWeb-309731 Uninstaller" = Updates from HP
"BlackBerry_{CE5E3F15-320A-4865-97D3-F07227C5BB2F}" = BlackBerry Desktop Software 4.5
"CAL" = Canon Camera Access Library
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Cleaner 5 EZ" = Cleaner 5 EZ
"ConvertMovie 3.0" = ConvertMovie 3.0
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro_is1" = Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro 5.12
"Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects
"DivX Codec" = Remove DivX Pro Codec
"DivX Player" = DivX Player
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"FLAC" = FLAC 1.2.1b (remove only)
"FLVPlayer" = FLV Player 1.3.3
"GenArts Sapphire Plug-ins Version 1.07 for After Effects" = GenArts Sapphire Plug-ins Version 1.07 for After Effects
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_VideoWave_V1_0" = MGI VideoWave III (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QCP Converter" = QCP Converter
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.4
"WavePad" = WavePad Uninstall
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3941964929-2857889352-1164583865-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2010 5:01:03 PM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 11327
Description = Product: Java 2 Runtime Environment, SE v1.4.2_03 -- Error 1327.Invalid
Drive: M:\

Error - 11/5/2010 5:29:40 PM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 11327
Description = Product: Adobe Reader 6.0.1 -- Error 1327.Invalid Drive: M:\

Error - 11/5/2010 5:54:24 PM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 11327
Description = Product: Adobe Reader 6.0.1 -- Error 1327.Invalid Drive: M:\

Error - 11/6/2010 1:01:58 AM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 11327
Description = Product: Adobe Reader 9.4.0 -- Error 1327.Invalid Drive: M:\

Error - 11/6/2010 1:04:04 AM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 11327
Description = Product: Java Auto Updater -- Error 1327.Invalid Drive: M:\

Error - 11/6/2010 9:02:11 AM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 11327
Description = Product: Adobe Reader 6.0.1 -- Error 1327.Invalid Drive: M:\

Error - 11/7/2010 7:19:10 PM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 11/7/2010 7:19:19 PM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office XP Professional with FrontPage - Update
'{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 11/7/2010 10:26:33 PM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 11/7/2010 10:26:38 PM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office XP Professional with FrontPage - Update
'{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

[ System Events ]
Error - 11/7/2010 6:14:37 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The Avid Startup service terminated unexpectedly. It has done this
1 time(s).

Error - 11/7/2010 7:19:24 PM | Computer Name = DESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Office XP Service Pack 3.

Error - 11/7/2010 7:30:36 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 11/7/2010 7:30:45 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The Avid Startup service terminated unexpectedly. It has done this
1 time(s).

Error - 11/7/2010 10:26:44 PM | Computer Name = DESKTOP | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Office XP Service Pack 3.

Error - 11/8/2010 6:15:26 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 11/8/2010 6:15:29 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The Avid Startup service terminated unexpectedly. It has done this
1 time(s).

Error - 11/8/2010 8:06:58 PM | Computer Name = DESKTOP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 11/9/2010 4:40:02 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 11/9/2010 4:40:04 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The Avid Startup service terminated unexpectedly. It has done this
1 time(s).


< End of report >



OTL logfile created on: 11/9/2010 4:19:17 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.54 Gb Total Space | 98.22 Gb Free Space | 43.55% Space Free | Partition Type: NTFS
Drive D: | 7.32 Gb Total Space | 1.89 Gb Free Space | 25.76% Space Free | Partition Type: FAT32
Drive G: | 3.68 Gb Total Space | 2.84 Gb Free Space | 77.29% Space Free | Partition Type: FAT

Computer Name: DESKTOP | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/09 10:22:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2010/10/28 16:13:17 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 16:13:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/11/17 23:17:12 | 000,049,152 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\AvidSDMService.exe
PRC - [2005/09/21 14:32:56 | 002,807,808 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
PRC - [2005/09/21 09:24:02 | 000,086,016 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/05/03 17:43:28 | 000,069,632 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
PRC - [2004/11/10 23:15:31 | 000,111,816 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2004/10/21 21:25:36 | 000,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
PRC - [2004/10/21 20:39:48 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/12/23 17:02:34 | 000,241,664 | ---- | M] (D-Link) -- C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
PRC - [2002/10/16 18:57:10 | 000,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\ps2.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/09 10:22:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/10/21 21:25:35 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\IadHide5.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/11/17 23:17:12 | 000,049,152 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AvidSDMService.exe -- (AvidSDMService)
SRV - [2005/11/17 23:16:32 | 001,323,008 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\AvidStartup.exe -- (AvidStartup)
SRV - [2004/03/19 01:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - [2010/02/11 02:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/08/23 19:51:24 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/09/23 17:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/04 11:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/09/24 12:38:40 | 000,012,928 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2004/09/10 07:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/09/10 07:00:00 | 000,027,056 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2004/08/03 22:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2004/08/03 21:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2004/04/27 00:31:14 | 000,135,168 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/11 15:12:46 | 000,336,800 | ---- | M] (GlobespanVirata, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/26 23:21:24 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/06/26 23:21:24 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/06/26 23:21:24 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2003/06/26 23:21:22 | 000,259,328 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/06/04 16:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2001/02/01 15:10:12 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3941964929-2857889352-1164583865-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-3941964929-2857889352-1164583865-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-3941964929-2857889352-1164583865-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
IE - HKU\S-1-5-21-3941964929-2857889352-1164583865-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bostondirtdogs.com/
IE - HKU\S-1-5-21-3941964929-2857889352-1164583865-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3941964929-2857889352-1164583865-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3941964929-2857889352-1164583865-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bostondirtdogs.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {02142BA3-1786-4529-BFB2-20494AEEFF28}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\Firefox [2010/09/23 19:59:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/24 16:56:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{02142BA3-1786-4529-BFB2-20494AEEFF28}: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{02142BA3-1786-4529-BFB2-20494AEEFF28} [2010/10/29 16:32:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/31 21:23:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/06 09:21:38 | 000,000,000 | ---D | M]

[2009/06/21 08:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2010/11/08 18:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\uh7ikn2l.default\extensions
[2010/09/27 17:12:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\uh7ikn2l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007/11/20 16:49:32 | 000,000,000 | ---D | M] (Megaupload Toolbar) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\uh7ikn2l.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2007/09/19 19:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\uh7ikn2l.default\extensions\videodowloader@videodownloader.net
[2010/09/23 21:25:16 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\uh7ikn2l.default\searchplugins\bing.xml
[2010/11/08 18:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/06 00:03:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/06 00:03:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/12/02 17:49:36 | 000,361,531 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12430 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3941964929-2857889352-1164583865-1009\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3941964929-2857889352-1164583865-1009\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-3941964929-2857889352-1164583865-1009\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\D-link AirPlus G DWL-G120 Wireless USB.lnk = C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe (D-Link)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html ()
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll File not found
O9 - Extra Button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe File not found
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/11 14:04:43 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 22:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{a095ce3e-7fb2-11d9-b16d-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a095ce3e-7fb2-11d9-b16d-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
MsConfig - StartUpReg: ATIPTA - hkey= - key= - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LSBWatcher - hkey= - key= - c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSN Toolbar - hkey= - key= - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe (Microsoft Corp.)
MsConfig - StartUpReg: NexusServer - hkey= - key= - C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RoxioDragToDisc - hkey= - key= - C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - Driver
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.CDVC - C:\WINDOWS\System32\cdvccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\Dvc.dll (Adaptec)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 16:17:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/11/08 22:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\Smokeshow
[2010/11/08 18:13:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/11/07 18:30:04 | 000,000,000 | ---D | C] -- C:\My Documents
[2010/11/07 18:30:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\HP_Owner\IETldCache
[2010/11/07 18:27:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/11/07 18:25:29 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/11/07 18:23:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/06 09:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/11/06 00:03:53 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/06 00:03:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/06 00:03:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/06 00:03:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/06 00:03:53 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/06 00:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/04 15:00:55 | 001,329,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Owner\Desktop\TDSSKiller.exe
[2010/11/04 15:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\tdsskiller
[2010/11/03 17:25:19 | 000,546,224 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\HP_Owner\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete
[2010/11/03 16:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/11/02 19:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\gmer
[2010/11/02 17:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/11/01 16:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Desktop\Erunt Backup
[2010/11/01 16:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/01 16:42:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\HP_Owner\Desktop\erunt-setup.exe
[2010/10/31 21:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\AVG10
[2010/10/31 21:20:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/10/31 10:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/31 10:25:57 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\HP_Owner\Desktop\avg_free_stb_all_2011_1153_cnet.exe
[2010/10/29 16:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\{02142BA3-1786-4529-BFB2-20494AEEFF28}
[2010/10/29 16:31:20 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/10/29 16:31:20 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/10/29 16:30:58 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/10/29 16:30:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/10/29 16:30:42 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/10/29 16:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/29 16:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2006/11/26 13:47:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\HP_Owner\Application Data\pcouffin.sys
[2004/10/21 19:44:04 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/09 15:44:55 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/11/09 15:44:02 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/09 15:44:02 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/09 15:40:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/09 15:39:35 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/11/09 15:39:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/09 15:39:23 | 2146,816,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/09 10:22:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2010/11/08 22:08:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/08 18:48:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2010/11/08 18:34:53 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{534D3CCC-ABF2-4BDE-8C26-B1F2AF8F3918}.job
[2010/11/07 18:30:06 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/06 09:21:39 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/06 00:03:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/06 00:03:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/06 00:03:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/06 00:03:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/06 00:03:36 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/05 23:58:04 | 079,578,904 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u22-windows-i586.exe
[2010/11/04 15:21:01 | 000,007,065 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Attach.zip
[2010/11/04 13:24:36 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\rkill.com
[2010/11/04 11:04:22 | 001,213,675 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\tdsskiller.zip
[2010/11/03 17:25:20 | 000,546,224 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\HP_Owner\Desktop\avg_remover_stf_x86_2011_1149.exe.to_delete
[2010/11/03 17:24:21 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\RKUnhookerLE.EXE
[2010/11/03 09:12:46 | 001,329,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\HP_Owner\Desktop\TDSSKiller.exe
[2010/11/03 07:18:02 | 000,628,736 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\dds.com
[2010/11/02 19:30:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Owner\defogger_reenable
[2010/11/02 19:29:38 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Defogger.exe
[2010/11/02 17:16:15 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\gmer.zip
[2010/11/01 16:43:09 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\ERUNT.lnk
[2010/11/01 12:29:18 | 000,626,176 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\dds.scr
[2010/11/01 12:29:00 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\HP_Owner\Desktop\erunt-setup.exe
[2010/10/31 20:59:56 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\config.nt
[2010/10/31 16:59:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/31 10:25:58 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\HP_Owner\Desktop\avg_free_stb_all_2011_1153_cnet.exe
[2010/10/29 16:32:36 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xmapidelujo.dat
[2010/10/29 16:32:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jtureceweweci.bin
[2010/10/29 16:30:14 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Application Data\ahfg.bat
[2010/10/28 17:36:44 | 000,331,724 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Meth Andover2.mov
[2010/10/28 17:35:43 | 000,103,928 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\meth andover.aep
[2010/10/28 17:32:24 | 000,074,305 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Meth Biller.psd
[2010/10/28 17:22:45 | 000,269,505 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Meth Andover1.mov
[2010/10/28 17:18:46 | 000,068,157 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\sept.psd
[2010/10/28 17:04:30 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010/10/28 16:56:08 | 000,123,904 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 16:32:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/26 17:07:04 | 000,025,992 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\M.png
[2010/10/26 16:59:31 | 000,093,683 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\METHUEN_WEBSITE_Banner.jpg
[2010/10/24 20:03:46 | 005,508,770 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shaq Harvard Square CNN.mp4
[2010/10/24 20:02:16 | 009,519,826 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shaq Harvard Square WCVB.mp4
[2010/10/21 16:08:53 | 000,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2010/10/15 17:02:51 | 000,073,739 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\michael-downing-5_weekly-cinema-springfield-ma.pdf
[2010/10/15 15:25:01 | 000,360,889 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\97 VJW Roster.pdf
[2010/10/11 20:18:19 | 019,215,656 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Zak G Mixdown.mov
[2010/10/11 20:13:24 | 000,495,104 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Zack G Blow You2.wav
[2010/10/11 20:12:09 | 000,468,488 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Zack G Blow You.wav
[2010/10/11 20:09:10 | 000,436,488 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\It's Kind Of A Funny Story.wav
[2010/10/11 20:05:36 | 000,067,280 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\zak g copy.png
[2010/10/11 20:00:49 | 000,306,584 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\zak g.psd
[2010/10/11 19:57:10 | 002,119,434 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\zak g.tif
[2010/10/11 19:48:39 | 116,086,868 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\It's Kind Of A Funny Story.mov
[2010/10/11 15:50:41 | 051,268,255 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\TR101110_Hour1.MP3
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/06 09:21:39 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/05 23:58:04 | 079,578,904 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\jdk-6u22-windows-i586.exe
[2010/11/05 16:20:48 | 2146,816,000 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/04 15:21:01 | 000,007,065 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Attach.zip
[2010/11/04 14:57:40 | 001,213,675 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\tdsskiller.zip
[2010/11/03 17:24:20 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\RKUnhookerLE.EXE
[2010/11/03 16:26:29 | 000,628,736 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\dds.com
[2010/11/02 19:30:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Owner\defogger_reenable
[2010/11/02 19:29:38 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Defogger.exe
[2010/11/02 17:16:13 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\gmer.zip
[2010/11/01 16:43:09 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\ERUNT.lnk
[2010/11/01 16:42:41 | 000,626,176 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\dds.scr
[2010/10/31 16:59:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/30 16:22:18 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\rkill.com
[2010/10/29 16:32:36 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xmapidelujo.dat
[2010/10/29 16:32:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jtureceweweci.bin
[2010/10/29 16:30:14 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\ahfg.bat
[2010/10/28 17:33:30 | 000,331,724 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Meth Andover2.mov
[2010/10/28 17:21:06 | 000,269,505 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Meth Andover1.mov
[2010/10/28 17:19:33 | 000,103,928 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\meth andover.aep
[2010/10/26 17:07:00 | 000,025,992 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\M.png
[2010/10/26 16:59:30 | 000,093,683 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\METHUEN_WEBSITE_Banner.jpg
[2010/10/24 20:03:46 | 005,508,770 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shaq Harvard Square CNN.mp4
[2010/10/24 20:02:16 | 009,519,826 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shaq Harvard Square WCVB.mp4
[2010/10/15 17:02:58 | 000,073,739 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\michael-downing-5_weekly-cinema-springfield-ma.pdf
[2010/10/15 15:24:49 | 000,360,889 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\97 VJW Roster.pdf
[2010/10/11 20:18:18 | 019,215,656 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Zak G Mixdown.mov
[2010/10/11 20:13:24 | 000,495,104 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Zack G Blow You2.wav
[2010/10/11 20:12:08 | 000,468,488 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Zack G Blow You.wav
[2010/10/11 20:09:09 | 000,436,488 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\It's Kind Of A Funny Story.wav
[2010/10/11 20:01:47 | 000,067,280 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\zak g copy.png
[2010/10/11 20:00:49 | 000,306,584 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\zak g.psd
[2010/10/11 19:57:10 | 002,119,434 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\zak g.tif
[2010/10/11 19:48:14 | 116,086,868 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\It's Kind Of A Funny Story.mov
[2010/10/11 19:46:36 | 017,562,960 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\C1AD_20101008_REFS3064.mpg
[2010/10/11 15:47:32 | 051,268,255 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\TR101110_Hour1.MP3
[2009/06/08 19:22:40 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\90298586.ini
[2009/05/23 09:20:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\94320306.ini
[2009/03/23 16:57:21 | 000,036,868 | ---- | C] () -- C:\Program Files\uninst-Particular.exe
[2007/11/20 16:58:35 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/11/14 07:36:51 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/08/16 16:01:05 | 001,237,945 | -HS- | C] () -- C:\WINDOWS\System32\leofrowa.ini
[2007/08/15 21:04:59 | 001,241,683 | -HS- | C] () -- C:\WINDOWS\prrrtv.ini
[2007/08/15 19:05:17 | 001,230,929 | -HS- | C] () -- C:\WINDOWS\System32\vmnycoaq.ini
[2006/11/26 13:47:46 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\pcouffin.log
[2006/11/26 13:47:24 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\ezpinst.exe
[2006/11/26 13:47:24 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\pcouffin.cat
[2006/11/26 13:47:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\pcouffin.inf
[2006/08/04 01:17:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/25 18:30:52 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\WavCodec.wff
[2006/02/09 13:57:37 | 001,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2006/02/09 13:57:37 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll
[2006/02/09 13:57:36 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\avidxpserial.sys
[2006/02/09 13:57:32 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/01/11 00:58:17 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/05/17 22:47:42 | 000,000,285 | ---- | C] () -- C:\WINDOWS\ONBLCALL.INI
[2005/05/17 22:47:32 | 000,003,372 | ---- | C] () -- C:\WINDOWS\ONBRCALL.INI
[2005/05/15 15:33:28 | 000,003,983 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/21 23:24:21 | 000,204,288 | ---- | C] () -- C:\WINDOWS\System32\LSXConfig.dll
[2005/04/21 23:23:50 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/04/19 23:17:23 | 000,017,191 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2005/03/27 21:48:19 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/03/27 21:48:19 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/03/27 21:48:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/03/27 21:48:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/02/18 23:27:48 | 000,000,122 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2005/02/15 22:58:08 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/02/15 19:58:46 | 000,123,904 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/15 19:42:46 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2005/02/11 14:03:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/11 14:03:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/11 14:03:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/11 14:03:08 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/11 14:03:08 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/11 14:03:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/22 16:35:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/21 21:21:50 | 000,014,529 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/21 21:21:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/21 20:55:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 20:05:48 | 000,002,190 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/10/21 20:00:46 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/21 19:17:08 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 19:17:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 19:15:49 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/21 18:55:39 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 18:36:39 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/21 11:43:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/04 20:34:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/09/17 10:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2003/04/16 03:02:00 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2000/11/29 09:50:40 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/02/23 16:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 14:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/10/21 11:41:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/10/21 11:41:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/10/21 11:41:45 | 000,868,352 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

< End of report >

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:55 AM

Posted 10 November 2010 - 04:45 AM

Hi DSS and OTL basically provide similar information. The updated scan is needed to see what has changed since your last post. (I just happen to prefer OTL :wink:)

What do you mean once you run Spybot? Do you need to do a system scan with it? Does the scan find anything?

Please run a new scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 MPD1981

MPD1981
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 11 November 2010 - 05:00 AM

Hi Myrti,

Again, thank you so much for your help...I really appreciate it.

When I run SpyBot, all it finds is just cookies. But, the issue with the hourglass appearing when I hover over the Start Menu or Task Bar goes away during the scan and my computer runs fine after that. But, that usually takes a good half-hour.

I was unsure of what to select for settings when I ran GMER, so I ran the scan twice. The first scan had everything selected, including "IAT/EAT" and just drive my C drive. For the second scan, I de-selected "IAT/EAT," as I saw that that was mentioned in the preparation guide. The results for both scans are below.

Thanks for your help!

SCAN 1


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-10 18:28:49
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 Maxtor_6B250S0 rev.BANC1B10
Running: 5tkzudcc.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\kxldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8CDD000, 0x1C5D38, 0xE8000020]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs@CTE_32 Name 2455465:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install\VxDs
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install\VxDs@DefaultSettings -19:{3C7DA433-1047-9FC4-00BA-978A09424856}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}\Version 1.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}\Version 1.1@dat 806585365:{F43E75C5-00EC-F1DD-3063-E8FEB37C33CF}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}\Install\xga-1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}\Install\xga-1\dat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}\Install\xga-1\dat@default 516231559:{F7C702D0-274C-7588-99B3-EEF2A68F4FB5}
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}\Version 3.x
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}\Version 3.x@dat 1767914624:{A30FCE1C-7D38-35B2-13DB-EBCA8419C8EA}

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sectors 488396912 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----


SCAN 2

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-11 03:11:43
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 Maxtor_6B250S0 rev.BANC1B10
Running: 5tkzudcc.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\kxldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9039000, 0x1C5D38, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Cdfs \Cdfs AA219400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs@CTE_32 Name 2455465:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install\VxDs
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install\VxDs@DefaultSettings -19:{3C7DA433-1047-9FC4-00BA-978A09424856}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}\Version 1.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}\Version 1.1@dat 806585365:{F43E75C5-00EC-F1DD-3063-E8FEB37C33CF}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}\Install\xga-1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}\Install\xga-1\dat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}\Install\xga-1\dat@default 516231559:{F7C702D0-274C-7588-99B3-EEF2A68F4FB5}
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}\Version 3.x
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}\Version 3.x@dat 1767914624:{A30FCE1C-7D38-35B2-13DB-EBCA8419C8EA}

---- EOF - GMER 1.0.15 ----

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:55 AM

Posted 11 November 2010 - 06:03 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 MPD1981

MPD1981
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 11 November 2010 - 05:16 PM

When I logged onto my computer, the hourglass icon still appeared when I moved the mouse over the Start Menu and task menu. I attempted to run ComboFix and I got a message warning me that Avast Scanner was active. Since I was unable to access the control panel or task menu, I ran SpyBot and once the scan completed, my computer was working like normal (as has been the case since the infection started to happen).

I had deleted Avast last week (along with AVG) and I confirmed that it wasn't listed in the Add/Remove Programs.

I then ran ComboFix, assuming that the "Avast" warning might have been caused by the infection. Should I have done that? Here are the results:


ComboFix 10-11-10.03 - HP_Owner 11/11/2010 16:32:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1582 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\90298586.ini
c:\documents and settings\All Users\Application Data\94320306.ini
c:\documents and settings\HP_Owner\Local Settings\Application Data\{02142BA3-1786-4529-BFB2-20494AEEFF28}
c:\documents and settings\HP_Owner\Local Settings\Application Data\{02142BA3-1786-4529-BFB2-20494AEEFF28}\chrome.manifest
c:\documents and settings\HP_Owner\Local Settings\Application Data\{02142BA3-1786-4529-BFB2-20494AEEFF28}\chrome\content\_cfg.js
c:\documents and settings\HP_Owner\Local Settings\Application Data\{02142BA3-1786-4529-BFB2-20494AEEFF28}\chrome\content\overlay.xul
c:\documents and settings\HP_Owner\Local Settings\Application Data\{02142BA3-1786-4529-BFB2-20494AEEFF28}\install.rdf
c:\windows\prrrtv.ini
c:\windows\repair\acalau.ini2
c:\windows\repair\acalau.tmp
c:\windows\system32\kungsfyrlmywok.dat
c:\windows\system32\leofrowa.ini
c:\windows\system32\vmnycoaq.ini
D:\Autorun.inf

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
.

2010-11-08 23:16 . 2010-11-08 23:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-11-07 23:30 . 2010-11-07 23:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-07 23:30 . 2010-11-07 23:30 -------- d-----w- C:\My Documents
2010-11-07 23:30 . 2010-11-07 23:30 -------- d-sh--w- c:\documents and settings\HP_Owner\IETldCache
2010-11-07 23:25 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-07 23:25 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-07 23:25 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-07 23:23 . 2010-11-07 23:24 -------- dc-h--w- c:\windows\ie8
2010-11-06 14:19 . 2010-11-06 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-11-06 05:03 . 2010-11-06 05:03 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-06 05:03 . 2010-11-06 05:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 05:03 . 2010-11-06 05:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 05:00 . 2010-11-06 05:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-01 21:43 . 2010-11-01 21:43 -------- d-----w- c:\program files\ERUNT
2010-11-01 02:22 . 2010-11-01 02:22 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\AVG10
2010-11-01 02:20 . 2010-11-01 02:20 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-31 15:32 . 2010-11-01 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-29 21:32 . 2010-10-29 21:32 0 ----a-w- c:\windows\Jtureceweweci.bin
2010-10-29 21:31 . 2004-08-04 02:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-10-29 21:31 . 2004-08-04 02:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-10-29 21:30 . 2004-08-04 03:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-10-29 21:30 . 2004-08-04 03:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-10-29 21:30 . 2004-08-04 03:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-10-29 21:30 . 2004-08-04 03:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-10-29 21:30 . 2010-10-29 21:30 200 ----a-w- c:\documents and settings\HP_Owner\Application Data\ahfg.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-21 21:08 . 2005-02-16 00:52 81920 ----a-w- c:\windows\ALCFDRTM.VER
2010-10-02 02:53 . 2009-03-23 21:57 36868 ----a-w- c:\program files\uninst-Particular.exe
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-15 21:46 . 2010-07-14 01:24 398744 ----a-r- c:\windows\system32\cpnprt2.cid
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-21 118784]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-08 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-08 659456]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-10-22 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-08 57344]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-link AirPlus G DWL-G120 Wireless USB.lnk - c:\program files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe [2005-2-15 241664]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-10-21 45056]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2005-03-04 16:01 88209 ----a-w- c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-09-10 05:10 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-11 17:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-15 04:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2010-07-06 16:30 240480 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
2004-04-28 06:41 188416 ----a-w- c:\program files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-06-27 04:21 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 20:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 15:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/14/2007 7:58 PM 24652]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2010-11-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-10-22 07:26]

2010-11-11 c:\windows\Tasks\User_Feed_Synchronization-{534D3CCC-ABF2-4BDE-8C26-B1F2AF8F3918}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bostondirtdogs.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\uh7ikn2l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.bostondirtdogs.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\HP_Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-VTTimer - VTTimer.exe
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 16:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{4E41A485-04D4-CF7C-6CE3-27F7BEAE7048}\Data*]
@DACL=
"CTE_32 Name"="844011:{C3B8A1BC-8B18-94D5-AD04-2B3354994626}"

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AE\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2455465:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{ADD916B7-3238-B642-38AC-F31A4E6EE8C3}\Install*Loc\VxDs]
@DACL=
"DefaultSettings"="-19:{3C7DA433-1047-9FC4-00BA-978A09424856}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}\Version 1.1]
@DACL=
"dat"="806585365:{F43E75C5-00EC-F1DD-3063-E8FEB37C33CF}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2455486:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{297071E9-02D8-4F8F-C303-12C4127698D6}*\Install*Loc\xga-1\dat]
@DACL=
"default"="516231559:{F7C702D0-274C-7588-99B3-EEF2A68F4FB5}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\xga-1-{09D1BC9F-81A5-DC85-D2B9-E1F0CEDE4E23}\Version 3.x]
@DACL=
"dat"="1767914624:{A30FCE1C-7D38-35B2-13DB-EBCA8419C8EA}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{8AF87397-FE02-06C9-B182-EA534B19215E}\Current*Set\xga-1\ver]
@DACL=
"KnownSvcs"="923715448:{E924888F-6732-0195-8222-3AF7D644593D}"

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{9E3D6525-1828-25C4-089A-321196898253}\xga-1\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234522284:{D346E92A-5190-D135-1B99-E6DF86B12C08}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="2:{19C42D30-D844-8A07-12A4-E783E7D228F7}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AE\DLL ver*\{B08ECCAD-FEC0-A273-8DFD-B47BE795EE25}]
@DACL=
"DefaultSettings"="19:{5351C505-4E6C-6ECA-E5BD-7AE84A571B0A}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3220)
c:\windows\system32\WININET.dll
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\UPnPUI.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\FakeAvRenderer.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\AvidSDMService.exe
c:\windows\system32\imapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2010-11-11 16:47:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-11 21:47

Pre-Run: 105,280,630,784 bytes free
Post-Run: 105,749,221,376 bytes free

- - End Of File - - 9A0A16364C3383D953E2385C683223DA

#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:55 AM

Posted 14 November 2010 - 04:49 PM

Hi,

In reference to the Avast warning you probably have remnants that CF has detected. Lets fix that.

Please do this.....

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in SELECT * FROM AntiVirusProduct and click on Apply

Posted Image

If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.

Please also uninstall and reinstall Spybot and let me know if that fixes your issues.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 MPD1981

MPD1981
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 14 November 2010 - 08:18 PM

Hi Myrti,

I followed the steps and removed records of Avast and AVG. I then uninstalled Spybot, restarted the computer, and re-installed SpyBot. I'm having the same issues: The hour glass icon appears when I hover over the Start Menu and Task Bar, the time freezes, and none of the icons on the task bar appear.

I then click on Spybot and start the scan. After a couple of minutes, the time comes back to normal and the icons appear on the task bar and I'm able to access the Start Menu. So, right now, in order to be able to run my computer like "normal," I have to start a scan with SpyBot.

I noticed that when SpyBot is performing the search, things come back to normal when it's searching for "CoolWWWSearch" (if that helps).

Any other suggestions?

Thanks for your help.

Mike

#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:55 AM

Posted 15 November 2010 - 04:17 AM

Hi,

when Spybot was uninstalled, did the reboot cause the same symptoms or did it boot normally?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#12 MPD1981

MPD1981
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 15 November 2010 - 06:17 AM

When I uninstalled SpyBot and manually re-booted the computer, the same symptoms occurred that had been occurring lately: The hour glass icon appears when I hover over the Start Menu and Task Bar, the time freezes, and none of the icons on the task bar appear.

I then re-installed SpyBot and did a manual re-boot and the same issues occur. I have to click on the SpyBot icon and start a scan before being able to operate the computer normally. (I stop the scan once I see the items appear on the task menu and the clock change to the correct time).

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:55 AM

Posted 15 November 2010 - 07:59 AM

Hi,

please run this scan with ComboFix, to remove the leftovers:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\HP_Owner\Application Data\ahfg.bat
c:\windows\Jtureceweweci.bin


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

I believe the issues come from one of the security softwares you are using, more than the malware you had.

If the problem persists after this could you please do a clean boot and let me know if this allows you to boot normally: How to do a clean boot on Windows XP


regards myrti

Edited by myrti, 15 November 2010 - 09:06 AM.
fixed link

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#14 MPD1981

MPD1981
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 15 November 2010 - 08:14 AM

Hi Myrti,

I'm going to do what you wrote in the previous reply later on today (I'm not on that computer right now).

Do you have a link on how to do a clean boot in Windows XP?

Thank you SO MUCH for your help.

Mike

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:55 AM

Posted 15 November 2010 - 09:06 AM

Hi,

I fixed the link in my original reply. It was supposed to be there from the beginning. :whistle:

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users