
Internet Explorer error message


Post by amouredevie » May 4th, 2009, 8:22 pm

Periodically receive an error msg concerning Internet Explorer, do you want to send a report. Close this and IE continues to stay open.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:11 PM, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1239156298\ee\AOLSoftware.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.5\waol.exe
C:\Documents and Settings\Mary Lou\My Documents\HOTSYNC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL 9.5\shellmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mary Lou\My Documents\Palm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLMAILTBSearch Class - {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: AOL Email Toolbar Loader - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: AOL Email Toolbar - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1239156298\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b
O4 - Startup: HotSync Manager.lnk = C:\Documents and Settings\Mary Lou\My Documents\HOTSYNC.EXE
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9b7e494061d68) (gupdate1c9b7e494061d68) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9698 bytes
amouredevie
Regular Member
 
Posts: 16
Joined: May 4th, 2009, 8:10 pm

Re: Internet Explorer error message

Post by MWR 3 day Mod » May 8th, 2009, 12:13 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Internet Explorer error message

Post by peku006 » May 9th, 2009, 3:07 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - Download and Run Malwarebytes' Anti-Malware
  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items except items in the System Volume Information folder and click on Remove Selected.

  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

2 - Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

4 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log
3. a description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Internet Explorer error message

Post by amouredevie » May 12th, 2009, 7:36 pm

Hello Peku006,

Thank you for looking at my situation. Here is the malware txt file, the RSIT log.txt follows, the info.txt did not open.

My computer takes a long time to start up. It also takes a long time to open Firefox.

Rob

Malwarebytes' Anti-Malware 1.36
Database version: 2075
Windows 5.1.2600 Service Pack 3

5/12/2009 6:32:57 PM
mbam-log-2009-05-12 (18-32-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 319213
Time elapsed: 1 hour(s), 27 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

RSIT Files

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-05-12 19:32:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (13%) free of 144 GB
Total RAM: 3582 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:13 PM, on 5/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\upgrade.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [\\192.168.1.6\lp] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P16 "\\192.168.1.6\lp" /O16 "\\192.168.1.6\lp" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\HP_Administrator\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_setti ... Config.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... gctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0503390814
O16 - DPF: {8DA3CFFD-9662-4DBA-BD2E-4687528B4343} (FileBrowser.FBUserControl) - https://209.213.220.178/listfiles/FileBrowser.CAB
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9a2985291bcc2) (gupdate1c9a2985291bcc2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12864 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-27 438848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2006-06-13 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-02 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-09-13 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-15 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-02 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.16.0\gears.dll [2009-03-13 1687552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-04-27 438848]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll [2008-05-26 3170144]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-02 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-31 7634944]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
""= []
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-06-13 127036]
"\\192.168.1.6\lp"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-04 99840]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-04 516440]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe"="C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Maple 9\bin.win\mserver.exe"="C:\Program Files\Maple 9\bin.win\mserver.exe:*:Enabled:mserver"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\HP_Administrator\Local Settings\Temp\NASNavi2.11\NASNavi2\NasNavi2.exe"="C:\Documents and Settings\HP_Administrator\Local Settings\Temp\NASNavi2.11\NASNavi2\NasNavi2.exe:*:Enabled:BUFFALO NASNavigator2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13cff3e3-1469-11dd-aecb-0018f34bd9e0}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-05-11 20:59:06 ----D---- C:\rsit
2009-05-06 11:32:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-05-06 06:26:31 ----D---- C:\WINDOWS\ie8updates
2009-05-06 06:25:38 ----HDC---- C:\WINDOWS\ie8
2009-05-05 21:33:38 ----D---- C:\WINDOWS\system32\XPSViewer
2009-05-05 21:33:34 ----D---- C:\Program Files\MSBuild
2009-05-05 21:33:28 ----D---- C:\Program Files\Reference Assemblies
2009-05-05 21:33:05 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-05-05 21:33:05 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-05-05 21:33:05 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-05-05 21:33:04 ----D---- C:\c0a45a1eeda30b547b
2009-05-05 21:30:23 ----SHD---- C:\Config.Msi
2009-05-04 20:32:30 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-05-04 20:02:21 ----D---- C:\Program Files\Trend Micro
2009-05-04 19:50:09 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-05-04 19:49:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-04 19:49:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-04 19:24:19 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-04 19:24:14 ----D---- C:\Program Files\Lavasoft
2009-05-04 19:24:14 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-03 16:46:04 ----D---- C:\WINDOWS\SHELLNEW
2009-04-17 18:41:58 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Ahead
2009-04-17 17:11:32 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 17:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 17:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 17:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 17:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 17:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-17 08:12:45 ----D---- C:\WINDOWS\system32\windows media
2009-04-17 08:12:35 ----D---- C:\Program Files\Windows Media Components
2009-04-17 08:12:32 ----HD---- C:\WINDOWS\msdownld.tmp
2009-04-17 00:06:58 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-13 15:24:54 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\NASNaviator2

======List of files/folders modified in the last 1 months======

2009-05-12 19:19:23 ----AD---- C:\WINDOWS
2009-05-12 19:08:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-12 18:49:16 ----D---- C:\WINDOWS\Temp
2009-05-12 07:41:53 ----D---- C:\WINDOWS\Prefetch
2009-05-12 07:01:55 ----D---- C:\Program Files\Mozilla Firefox
2009-05-12 06:34:13 ----D---- C:\WINDOWS\Registration
2009-05-12 06:33:52 ----D---- C:\WINDOWS\system32\drivers
2009-05-12 06:33:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-12 06:31:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-12 05:03:26 ----D---- C:\Program Files\Spyware Doctor
2009-05-11 21:05:34 ----D---- C:\Program Files\Mozilla Thunderbird
2009-05-10 20:48:02 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-08 16:56:51 ----HD---- C:\WINDOWS\inf
2009-05-07 13:39:59 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-06 21:29:03 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\DNA
2009-05-06 16:24:14 ----D---- C:\WINDOWS\system32
2009-05-06 15:28:51 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2009-05-06 11:32:40 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-05-06 06:31:34 ----D---- C:\Program Files\DNA
2009-05-06 06:30:50 ----D---- C:\WINDOWS\system32\en-US
2009-05-06 06:30:50 ----D---- C:\WINDOWS\Media
2009-05-06 06:30:49 ----D---- C:\WINDOWS\Help
2009-05-06 06:30:49 ----D---- C:\Program Files\Internet Explorer
2009-05-06 06:30:48 ----D---- C:\WINDOWS\SxsCaPendDel
2009-05-06 06:26:33 ----A---- C:\WINDOWS\imsins.BAK
2009-05-06 06:26:29 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-05 21:44:30 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-05 21:44:29 ----RSD---- C:\WINDOWS\assembly
2009-05-05 21:37:47 ----SHD---- C:\WINDOWS\Installer
2009-05-05 21:36:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-05 21:36:13 ----D---- C:\WINDOWS\WinSxS
2009-05-05 21:33:34 ----D---- C:\Program Files
2009-05-05 21:33:31 ----RSD---- C:\WINDOWS\Fonts
2009-05-05 21:33:16 ----D---- C:\WINDOWS\system32\spool
2009-05-05 19:47:38 ----SD---- C:\WINDOWS\Tasks
2009-05-04 19:25:34 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-03 19:06:37 ----D---- C:\WINDOWS\system32\wbem
2009-05-03 16:47:50 ----A---- C:\WINDOWS\win.ini
2009-05-03 16:47:43 ----D---- C:\Program Files\Common Files\System
2009-05-03 16:27:58 ----A---- C:\WINDOWS\ODBC.INI
2009-04-25 15:52:02 ----D---- C:\Program Files\Google
2009-04-17 17:18:29 ----D---- C:\WINDOWS\AppPatch
2009-04-17 17:10:09 ----D---- C:\WINDOWS\ie7updates
2009-04-17 08:12:27 ----D---- C:\Program Files\V1 Home 2.0
2009-04-16 06:42:53 ----D---- C:\WINDOWS\Minidump
2009-04-13 17:48:30 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Registry Booster
2009-04-13 15:22:43 ----D---- C:\Program Files\BUFFALO

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-03-17 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2006-03-17 22684]
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-06-13 25724]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-06-13 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-06-13 86844]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-06-13 14716]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-06-13 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-06-13 88476]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-06-13 94460]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-03-17 40544]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ActivHidSerMini;Promethean Serial Board Driver; C:\WINDOWS\system32\DRIVERS\activhidsermini.sys [2008-12-17 55424]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2006-04-20 82048]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-05-16 229376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-31 3964256]
R3 prmvmouse;Promethean HID Mouse Service; C:\WINDOWS\system32\DRIVERS\activmouse.sys [2008-12-17 4352]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-24 48640]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ddnt;ddnt; C:\WINDOWS\system32\drivers\ddnt.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PolarUSB;Polar USB Interface; C:\WINDOWS\system32\DRIVERS\PolarUSB.sys [2001-07-12 17343]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\WINDOWS\System32\Drivers\SilvrLnk.sys [2004-01-28 21456]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 stusb2ir;USB 2.0 IrDA Bridge; C:\WINDOWS\system32\DRIVERS\stusb2ir.sys [2006-09-22 40856]
S3 SVPN;Symantec L2VPN; C:\WINDOWS\system32\DRIVERS\scvgl2.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 astcc;AST Service; C:\WINDOWS\system32\AstSrv.exe [2008-07-09 385024]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-04 953168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NasPmService;NAS PM Service; C:\Program Files\BUFFALO\NASNAVI\nassvc.exe [2008-07-11 251184]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-31 155715]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-04-01 1245064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 gupdate1c9a2985291bcc2;Google Update Service (gupdate1c9a2985291bcc2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-11 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
amouredevie
Regular Member
 
Posts: 16
Joined: May 4th, 2009, 8:10 pm

Re: Internet Explorer error message

Post by peku006 » May 13th, 2009, 3:29 am

Hi Rob
My computer takes a long time to start up. It also takes a long time to open Firefox.

OK, let's run a couple of scans and see what we find.

1 - Download and Run ComboFix
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.

2 - Status Check
Please reply with

1. the ComboFix log (C:\ComboFix.txt)

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Internet Explorer error message

Post by amouredevie » May 16th, 2009, 12:49 pm

Hello,

Thanks again for any help you can provide. Here is the txt file:

ComboFix 09-05-15.08 - HP_Administrator 05/16/2009 12:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3001 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-04-16 to 2009-05-16 )))))))))))))))))))))))))))))))
.

2009-05-16 16:24 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-16 16:23 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-16 16:23 . 2009-04-03 15:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-16 16:23 . 2008-12-10 15:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-12 00:59 . 2009-05-12 00:59 -------- d-----w C:\rsit
2009-05-06 13:09 . 2009-05-06 13:09 -------- d-sh--w c:\documents and settings\HP_Administrator\PrivacIE
2009-05-06 10:32 . 2009-05-06 10:32 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-05-06 10:31 . 2009-05-06 10:31 -------- d-sh--w c:\documents and settings\HP_Administrator\IETldCache
2009-05-06 10:26 . 2009-05-06 10:26 -------- d-----w c:\windows\ie8updates
2009-05-06 10:26 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-05-06 10:25 . 2009-05-06 10:25 -------- dc-h--w c:\windows\ie8
2009-05-06 01:33 . 2009-05-06 01:33 -------- d-----w c:\windows\system32\XPSViewer
2009-05-06 01:33 . 2009-05-06 01:33 -------- d-----w c:\program files\MSBuild
2009-05-06 01:33 . 2009-05-06 01:33 -------- d-----w c:\program files\Reference Assemblies
2009-05-06 01:33 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-06 01:33 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-06 01:33 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-06 01:33 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-06 01:33 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-06 01:33 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-06 01:33 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-06 01:33 . 2009-05-06 01:33 -------- d-----w C:\c0a45a1eeda30b547b
2009-05-05 00:45 . 2009-05-05 00:45 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-05 00:32 . 2009-05-04 23:25 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-05 00:02 . 2009-05-05 00:02 -------- d-----w c:\program files\Trend Micro
2009-05-04 23:50 . 2009-05-04 23:50 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-05-04 23:49 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-04 23:49 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-04 23:49 . 2009-05-04 23:49 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-04 23:49 . 2009-05-04 23:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-04 23:25 . 2009-05-04 23:25 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-04 23:24 . 2009-05-04 23:24 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-04 23:24 . 2009-05-04 23:24 -------- d-----w c:\program files\Lavasoft
2009-05-04 23:24 . 2009-05-04 23:25 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-03 20:46 . 2009-05-03 20:46 -------- d-----w c:\windows\SHELLNEW
2009-04-17 22:41 . 2009-04-17 22:41 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Ahead
2009-04-17 12:12 . 2009-04-17 12:12 -------- d-----w c:\windows\system32\windows media
2009-04-17 12:12 . 2009-04-17 12:12 -------- d-----w c:\program files\Windows Media Components
2009-04-17 12:12 . 2009-04-17 12:12 -------- d--h--w c:\windows\msdownld.tmp
2009-04-17 04:07 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 04:07 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 04:07 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 04:07 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 04:07 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 04:07 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 04:07 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 04:07 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 04:07 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 04:06 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 04:06 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 16:34 . 2008-11-30 12:30 -------- d-----w c:\program files\Spyware Doctor
2009-05-16 16:24 . 2009-05-16 16:24 691712 ----a-w c:\windows\isRS-000.tmp
2009-05-16 16:24 . 2008-11-30 12:31 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-16 01:47 . 2007-02-03 03:38 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-12 23:48 . 2007-02-03 11:08 -------- d-----w c:\program files\Google
2009-05-06 10:31 . 2009-03-31 23:56 -------- d-----w c:\program files\DNA
2009-05-06 02:19 . 2006-09-13 04:54 74608 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 12:12 . 2008-05-08 23:24 -------- d-----w c:\program files\V1 Home 2.0
2009-04-15 21:29 . 2009-04-15 21:29 3366912 ----a-w c:\windows\system32\GPhotos.scr
2009-04-13 19:22 . 2008-08-26 14:31 -------- d-----w c:\program files\BUFFALO
2009-04-13 13:48 . 2008-07-09 02:47 60400 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-13 01:57 . 2009-04-13 01:57 -------- d-----w c:\program files\iTunes
2009-04-13 01:57 . 2009-04-13 01:57 -------- d-----w c:\program files\iPod
2009-04-13 01:57 . 2008-10-02 16:22 -------- d-----w c:\program files\Common Files\Apple
2009-03-31 23:56 . 2009-03-31 23:56 -------- d-----w c:\program files\BitTorrent
2009-03-30 01:37 . 2009-03-30 01:34 -------- d-----w c:\program files\Maple 9
2009-03-30 01:36 . 2009-03-30 01:36 28672 ----a-w c:\windows\system32\maplec.dll
2009-03-30 01:36 . 2007-02-03 13:02 -------- d--h--w c:\program files\Zero G Registry
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 08:34 . 2004-08-10 04:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-10 04:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-10 04:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-10 04:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-10 04:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-10 04:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-10 04:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-10 04:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-10 04:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-10 04:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-10 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-14 14:00 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2008-10-05 01:09 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"\\192.168.1.6\lp"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-04 516440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-13 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-13 27136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BUFFALO\\NASNAVI\\NasNavi.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Maple 9\\bin.win\\mserver.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3689:TCP"= 3689:TCP:Itunes

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/4/2009 7:25 PM 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/16/2009 12:23 PM 130936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 953168]
R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/30/2008 8:31 AM 348752]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [12/17/2008 10:42 AM 55424]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [9/13/2006 12:42 AM 82048]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2/5/2009 5:30 PM 4352]
S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
S2 ddnt;ddnt; [x]
S2 gupdate1c9a2985291bcc2;Google Update Service (gupdate1c9a2985291bcc2);c:\program files\Google\Update\GoogleUpdate.exe [3/11/2009 6:25 PM 133104]
S3 stusb2ir;USB 2.0 IrDA Bridge;c:\windows\system32\drivers\stusb2ir.sys [6/18/2007 3:21 PM 40856]
S3 SVPN;Symantec L2VPN;c:\windows\system32\DRIVERS\scvgl2.sys --> c:\windows\system32\DRIVERS\scvgl2.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 23:25]

2009-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-05-16 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 22:25]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Compare Prices with &Dealio - c:\documents and settings\HP_Administrator\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Trusted Zone: trymedia.com
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_setti ... Config.CAB
DPF: {8DA3CFFD-9662-4DBA-BD2E-4687528B4343} - hxxps://209.213.220.178/listfiles/FileBrowser.CAB
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\6a84p52n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\6a84p52n.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000002.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-16 12:43
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-16 12:45
ComboFix-quarantined-files.txt 2009-05-16 16:45

Pre-Run: 36,724,686,848 bytes free
Post-Run: 38,941,495,296 bytes free

225 --- E O F --- 2009-05-12 23:50
amouredevie
Regular Member
 
Posts: 16
Joined: May 4th, 2009, 8:10 pm

Re: Internet Explorer error message

Post by peku006 » May 18th, 2009, 12:34 pm

Hi amouredevie

REMOVE P2P PROGRAMS

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent
DNA


Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

Make an uninstall list using HijackThis

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

[Image]

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Internet Explorer error message

Post by amouredevie » May 19th, 2009, 4:47 pm

Hello peku006,

Here are the contents of the HijackThis text file you asked me to paste. Thanks again for your help. (I removed BitTorrent and DNA.)

Activdriver v5.1.1
Activsoftware Inspire Core Resources
Activsoftware Inspire Edition
Activsoftware Inspire Help (USA)
Activsoftware Inspire HWR Resources
Activstudio Docs (USA) v3.7.1
Activstudio Help (USA) v3.7.1
ACTIVstudio PE Help (USA) v2.5.1
ACTIVstudio PE Manuals (USA) v2.5.4
ACTIVstudio Professional Edition v2.5.82
Activstudio Professional Edition v3.7
ACTIVstudio Resources (USA) v2.5.2
Activstudio Resources (USA) v3.5.1
Ad-Aware
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player 11
Adobe SVG Viewer 3.0
AnswerWorks 4.0 Runtime - English
Apple Mobile Device Support
Apple Software Update
Argentum Backup
Audacity 1.2.6
Audible Download Manager
AudibleManager
Avira AntiVir Premium
Bonjour
Brownstone Equation Editor 5
BUFFALO NAS Navigator
Compatibility Pack for the 2007 Office system
Copy Utility
Critical Update for Windows Media Player 11 (KB959772)
Customer Experience Enhancement
DDXL Student 2.1.0
Dealio Toolbar 3.4
Diploma
DISCover
DivX
Easy Internet Sign-up
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
eWallet 6.1 for Windows PCs
Exam
FileZilla (remove only)
FLV Player 2.0 (build 25)
FolderMatch v3.4.8
Free FLV Converter V 5.9
GemMaster Mystic
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HandyGraph 1.1
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Product Detection
HP Update
HP Web Helper
ImTOO 3GP Video Converter
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
iTunes
iTunes Art Importer
Java(TM) 6 Update 13
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Maple 9
MathType 6
MediaFACE 4.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.10)
Mozilla Thunderbird (1.4.1)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
My HP Games
Nero 6 Ultra Edition
NetMos Multi-IO Controller
Netscape Browser (remove only)
NVIDIA Drivers
Otto
Palm Desktop
PC-Doctor 5 for Windows
PF 2450 PHOTO Guide
Picasa 3
Polar Precision Performance SW 3.0
Python 2.2 pywin32 extensions (build 203)
Quicken 2007
QuickTime
Realtek High Definition Audio Driver
Registry Booster
Rhapsody
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
ScanToWeb
Search Settings 1.2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Shockwave
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic UDF Reader
Sonic Update Manager
Sony DVD Architect Studio 4.5
Sony Picture Utility
Sony USB Driver
Sony Vegas Movie Studio Platinum 8.0
SpeedUpMyPC
TestWorks
TI Connect 1.6
TI-Nspire™ CAS Computer Software Teacher Edition
TurboTax Deluxe 2007
Tweak UI
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP (remove only)
URGE
V1 Home 2.0
VC 9.0 Runtime
Vegas Movie Studio Platinum 9.0
Verizon Online Help and Support
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WildTangent Web Driver
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinTasks
Yahoo! Toolbar for Internet Explorer

Re: Internet Explorer error message

Post by peku006 » May 20th, 2009, 9:28 am

Hi amouredevie

1 - Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe.
  • Copy the lines in the codebox below.
Code:
:files
c:\windows\isRS-000.tmp

:Commands
[EmptyTemp]

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

2 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. the OTMoveIt3
3. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006

Re: Internet Explorer error message

Post by amouredevie » May 20th, 2009, 2:39 pm

Hello Peku006,

Looks like I have two viruses per Kaspersky. System still runs about the same, long time to boot up, long time to open Firefox. Don't have the shutdown issues I used to have (where it couldn't close an application).

KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 19, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 19, 2009 20:32:57
Records in database: 2198945
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Z:\

Scan statistics:
Files scanned: 282285
Threat name: 1
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 04:40:58

File name | Threat name | Threats count
D:\I386\APPS\APP21771\src\CompaqPresario_Spring06.exe | Infected: not-a-virus:AdWare.Win32.WeatherBug.a | 2
D:\I386\APPS\APP21771\src\HPPavillion_Spring06.exe | Infected: not-a-virus:AdWare.Win32.WeatherBug.a | 2
The selected area was scanned.


OTMOVEIT3

File/Folder c:\windows\isRS-000.tmp not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_bnp0gHXPkX6LVjo0EUUx scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF9A82.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DF9E13.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~DFB94E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.Word\~WRS0032.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1d4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6a84p52n.default\Google Gears for Firefox\localserver.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6a84p52n.default\Google Gears for Firefox\permissions.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6a84p52n.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6a84p52n.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6a84p52n.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6a84p52n.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6a84p52n.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05202009_143436

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:51 PM, on 5/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Argentum Backup\ab.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Picasa3\Picasa3.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\HP_Administrator\Desktop\OTMoveIt3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [\\192.168.1.6\lp] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P16 "\\192.168.1.6\lp" /O16 "\\192.168.1.6\lp" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\HP_Administrator\Desktop\OTMoveIt3.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Argentum Backup] "C:\Program Files\Argentum Backup\ab.exe" /startup
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\HP_Administrator\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.19.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_setti ... Config.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcC ... gctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0503390814
O16 - DPF: {8DA3CFFD-9662-4DBA-BD2E-4687528B4343} (FileBrowser.FBUserControl) - https://209.213.220.178/listfiles/FileBrowser.CAB
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9a2985291bcc2) (gupdate1c9a2985291bcc2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12182 bytes

Re: Internet Explorer error message

Post by peku006 » May 20th, 2009, 3:39 pm

Hi amouredevie
Looks like I have two viruses per Kaspersky

WeatherBug is not-a-virus; it's AdWare, and it is not "active" because it is located in the HP Recovery Partition.

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in "Slow Computer/browser? Check Here First; It May Not Be Malware".

Post back if it helped.

Download ToolBar S&D to your desktop.

Disable your antivirus and antimalware programs so they do not interfere with the running of ToolBar S&D.
  • Double-click ToolBar S&D.exe
  • Choose the language, then choose Option 1 (Search)
  • Wait till the end of the scan.
  • Notepad will open containing the report log.
  • Post that log in your next reply.
  • A copy will also be saved in (%SystemDrive%\TB.txt)

Thanks peku006

Re: Internet Explorer error message

Post by amouredevie » May 20th, 2009, 9:15 pm

Hello peku006,

Here's the TB file:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : HP_Administrator ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Not Activated)
C:\ (Local Disk) - NTFS - Total:140 Go (Free:36 Go)
D:\ (Local Disk) - FAT32 - Total:8 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( Wed 05/20/2009|21:11 )

-----------\\ Searching for Files - Folders ...

C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Dealio
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings
C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings\kb127\temp\ws-14384.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp

-----------\\ Extensions

(HP_Administrator) - {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} => deliciousBookmarks
(HP_Administrator) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(HP_Administrator) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(HP_Administrator) - {6e84150a-d526-41f1-a480-a67d3fed910d} => ieview


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://my.yahoo.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.google.com/ie"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ALLUSE~1\Documents\ACTIV Software\ACTIVstudio 2\Shared Sounds\domestic\crack.wav
C:\DOCUME~1\ALLUSE~1\Documents\ACTIV Software\Activstudio3\Shared Sounds\domestic\crack.wav



1 - "C:\ToolBar SD\TB_1.txt" - Wed 05/20/2009|21:12 - Option : [1]

-----------\\ Scan completed at 21:12:56.47
amouredevie
Regular Member
 
Posts: 16
Joined: May 4th, 2009, 8:10 pm

Re: Internet Explorer error message

Post by peku006 » May 21st, 2009, 2:17 am

Hi amouredevie

Disable your antivirus and antimalware programs so they do not interfere with the running of ToolBar S&D.
  • Double-click ToolBar S&D.exe
  • Choose the language, then choose Option 2 (Fix)
  • Deleting Toolbar files / folders / services
  • Deleting Toolbar registry keys
  • Deleting nasty extensions ( XP only )
  • Creating a backup in the folder %SystemDrive%\ToolBar SD\Backup-TB
  • Wait till the end of the scan.
  • Notepad will open containing the report log.
  • Post that log in your next reply.
  • A copy will also be saved in (%SystemDrive%\TB.txt)

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Internet Explorer error message

Post by amouredevie » May 21st, 2009, 8:25 am

Here we go!

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : HP_Administrator ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Not Activated)
C:\ (Local Disk) - NTFS - Total:140 Go (Free:36 Go)
D:\ (Local Disk) - FAT32 - Total:8 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( Thu 05/21/2009| 8:22 )

-----------\\ FIX

Deleted! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\Dealio\kb127
Deleted! - C:\Program Files\Dealio\DealioAU.exe
Deleted! - C:\Program Files\Dealio\kb127
Deleted! - C:\Program Files\Dealio\SearchSettingsKit.exe
Deleted! - C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Dealio
Deleted! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
Deleted! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings\kb127
Deleted! - C:\Program Files\Search Settings\kb127
Deleted! - C:\Program Files\Search Settings\SearchSettings.exe
Deleted! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\Dealio
Deleted! - C:\Program Files\Dealio
Deleted! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings
Deleted! - C:\Program Files\Search Settings

-----------\\ Searching for Files - Folders ...


-----------\\ Extensions

(HP_Administrator) - {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} => deliciousBookmarks
(HP_Administrator) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(HP_Administrator) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(HP_Administrator) - {6e84150a-d526-41f1-a480-a67d3fed910d} => ieview


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://my.yahoo.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.google.com/ie"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ALLUSE~1\Documents\ACTIV Software\ACTIVstudio 2\Shared Sounds\domestic\crack.wav
C:\DOCUME~1\ALLUSE~1\Documents\ACTIV Software\Activstudio3\Shared Sounds\domestic\crack.wav



1 - "C:\ToolBar SD\TB_1.txt" - Wed 05/20/2009|21:12 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - Thu 05/21/2009| 8:23 - Option : [2]

-----------\\ Scan completed at 8:23:30.20
amouredevie
Regular Member
 
Posts: 16
Joined: May 4th, 2009, 8:10 pm

Re: Internet Explorer error message

Post by peku006 » May 21st, 2009, 10:34 am

Hi amouredevie

1 - Run HijackThis
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.

2 - Status Check
Please reply with:
  • a fresh HijackThis log
  • a description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway