Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan Problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan Problems

Unread postby wealdstone » March 7th, 2011, 7:32 pm

Home computer with Windows XP.

AVG gives warnings regarding "backdoor.generic13.alad" and "blackhole exploit kit".

Web pages keep getting redirected.

Thanks in advance.


DDS (Ver_11-03-05.01) - NTFSx86
Run by HP_Owner at 19:32:10.20 on 04/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.752 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\hpb2ksrv.exe
C:\WINDOWS\system32\hpbhksrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\hpstatus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Garmin\gStart.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Entriq\MediaSphere\3.8.2.9\EntriqMediaServer.exe
C:\WINDOWS\system32\HPBSPSVR.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\HPBJDSNT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\Kevin\Hijack This\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\My Documents\Kevin\Hijack This\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.skybroadband.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Internet Explorer Provided By Sky Broadband
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart board software\NotebookPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [gStart] c:\garmin\gStart.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Spyware Doctor] c:\documents and settings\hp_owner\desktop\sdsetup[1].exe -min
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; Sky

Broadband; GTB6.6; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.myfootballgames.co.uk/game/196/Kicking-Screaming.html"
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [HP Status] c:\windows\system32\hpstatus.exe
mRun: [<NO NAME>]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [five Media Manager Tray] "c:\program files\entriq\mediasphere\EntriqMediaTray.exe" /CustomId:five
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\hp_owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hp\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hp\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/gb/Core/ ... _Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {4DAE4123-E35E-4DE2-8EF8-1FFF72E1E469} - hxxp://content.lgfl.org.uk/secure/multe ... /axpmt.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://benjaminlynch.spaces.live.com//P ... nPUpld.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 9720264921
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.gamehouse.com/games/tumblebugs/axhost.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} - hxxp://help.broadbandassist.com/prequal ... reQual.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/s ... wflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mbfuxytx.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-10-30 1128640]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-2-19 3032360]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\linksys\wusb300n\WLService.exe [2009-2-13 53307]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 gupdate1ca3c1b4bc8dc1e;Google Update Service (gupdate1ca3c1b4bc8dc1e);c:\program files\google\update\GoogleUpdate.exe [2009-9-23 133104]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-15 517448]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-2-19 15144]
.
=============== Created Last 30 ================
.
2011-02-26 09:39:01 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
2011-02-07 19:47:47 -------- d-----w- c:\program files\iPod
2011-02-07 19:47:43 -------- d-----w- c:\program files\iTunes
2011-02-04 19:15:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-02-04 15:58:43 0 ----a-w- c:\windows\system32\tmp.tmp
2011-02-04 15:58:42 25088 ----a-w- c:\windows\system32\mbfuxytx.dll
2011-01-30 22:26:00 -------- d-----w- c:\docume~1\hp_owner\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-01-21 14:44:37 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
.
==================== Find3M ====================
.
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 18:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 16:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3300831AS rev.3.03 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-7
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A857439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a85d7b8]; MOV EAX, [0x8a85d834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH

EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A897AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006b[0x8A86ED98]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A883940]
\Driver\atapi[0x8A865650] -> IRP_MJ_CREATE -> 0x8A857439
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-7 -> \??\IDE#DiskST3300831AS_____________________________3.03____#5&3873a36&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A85727F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:34:16.48 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 26/08/2006 18:54:25
System Uptime: 04/02/2011 15:44:55 (4 hours ago)
.
Motherboard: Hewleet-Packard | | Asterope2
Processor: Intel(R) Pentium(R) D CPU 3.40GHz | CPU 1 | 3399/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 273 GiB total, 187.87 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.543 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1344: 29/11/2010 19:50:30 - System Checkpoint
RP1345: 30/11/2010 20:11:38 - System Checkpoint
RP1346: 01/12/2010 17:23:57 - Software Distribution Service 3.0
RP1347: 02/12/2010 18:07:08 - System Checkpoint
RP1348: 06/12/2010 13:42:43 - System Checkpoint
RP1349: 08/12/2010 09:44:16 - System Checkpoint
RP1350: 09/12/2010 09:54:27 - System Checkpoint
RP1351: 11/12/2010 11:12:44 - System Checkpoint
RP1352: 12/12/2010 16:08:49 - System Checkpoint
RP1353: 13/12/2010 19:34:24 - System Checkpoint
RP1354: 14/12/2010 20:36:29 - System Checkpoint
RP1355: 15/12/2010 21:22:04 - System Checkpoint
RP1356: 15/12/2010 23:29:06 - Software Distribution Service 3.0
RP1357: 17/12/2010 19:35:54 - System Checkpoint
RP1358: 18/12/2010 20:18:19 - System Checkpoint
RP1359: 19/12/2010 20:48:18 - System Checkpoint
RP1360: 20/12/2010 20:55:18 - System Checkpoint
RP1361: 21/12/2010 21:30:33 - System Checkpoint
RP1362: 22/12/2010 22:01:25 - System Checkpoint
RP1363: 23/12/2010 22:03:22 - System Checkpoint
RP1364: 27/12/2010 19:58:19 - System Checkpoint
RP1365: 29/12/2010 15:45:59 - System Checkpoint
RP1366: 30/12/2010 19:50:21 - System Checkpoint
RP1367: 31/12/2010 19:54:13 - System Checkpoint
RP1368: 02/01/2011 12:44:21 - System Checkpoint
RP1369: 03/01/2011 16:26:21 - System Checkpoint
RP1370: 04/01/2011 16:45:15 - System Checkpoint
RP1371: 05/01/2011 16:45:45 - System Checkpoint
RP1372: 06/01/2011 19:48:19 - System Checkpoint
RP1373: 07/01/2011 21:01:37 - System Checkpoint
RP1374: 09/01/2011 14:31:59 - System Checkpoint
RP1375: 10/01/2011 14:35:29 - System Checkpoint
RP1376: 11/01/2011 17:56:57 - System Checkpoint
RP1377: 12/01/2011 17:57:50 - System Checkpoint
RP1378: 12/01/2011 23:40:46 - Software Distribution Service 3.0
RP1379: 13/01/2011 14:31:36 - Installed Java(TM) 6 Update 23
RP1380: 14/01/2011 14:40:10 - System Checkpoint
RP1381: 15/01/2011 15:15:05 - System Checkpoint
RP1382: 16/01/2011 16:14:15 - System Checkpoint
RP1383: 17/01/2011 16:47:09 - System Checkpoint
RP1384: 18/01/2011 19:03:42 - System Checkpoint
RP1385: 19/01/2011 19:59:02 - System Checkpoint
RP1386: 20/01/2011 20:02:43 - System Checkpoint
RP1387: 21/01/2011 20:33:25 - System Checkpoint
RP1388: 22/01/2011 20:47:52 - System Checkpoint
RP1389: 23/01/2011 21:25:36 - System Checkpoint
RP1390: 24/01/2011 22:15:35 - System Checkpoint
RP1391: 25/01/2011 18:37:39 - Unsigned driver install
RP1392: 26/01/2011 19:37:08 - System Checkpoint
RP1393: 27/01/2011 20:35:43 - System Checkpoint
RP1394: 28/01/2011 21:01:45 - System Checkpoint
RP1395: 29/01/2011 21:19:15 - System Checkpoint
RP1396: 31/01/2011 08:21:38 - System Checkpoint
RP1397: 01/02/2011 08:30:46 - System Checkpoint
RP1398: 02/02/2011 09:09:39 - System Checkpoint
RP1399: 03/02/2011 10:24:12 - System Checkpoint
RP1400: 04/02/2011 11:00:43 - System Checkpoint
RP1401: 05/02/2011 17:23:06 - System Checkpoint
RP1402: 06/02/2011 17:50:12 - System Checkpoint
RP1403: 07/02/2011 19:00:10 - System Checkpoint
RP1404: 09/02/2011 08:48:25 - System Checkpoint
RP1405: 10/02/2011 13:31:44 - System Checkpoint
RP1406: 10/02/2011 15:00:20 - Software Distribution Service 3.0
RP1407: 11/02/2011 18:08:49 - System Checkpoint
RP1408: 12/02/2011 18:50:14 - System Checkpoint
RP1409: 14/02/2011 21:49:02 - System Checkpoint
RP1410: 16/02/2011 17:50:32 - System Checkpoint
RP1411: 17/02/2011 18:12:52 - System Checkpoint
RP1412: 18/02/2011 18:48:42 - System Checkpoint
RP1413: 19/02/2011 19:16:29 - System Checkpoint
RP1414: 21/02/2011 09:39:06 - System Checkpoint
RP1415: 22/02/2011 20:52:58 - System Checkpoint
RP1416: 24/02/2011 10:17:06 - System Checkpoint
RP1417: 25/02/2011 10:58:02 - System Checkpoint
RP1418: 26/02/2011 11:41:10 - System Checkpoint
RP1419: 26/02/2011 15:00:16 - Software Distribution Service 3.0
RP1420: 26/02/2011 20:02:22 - Software Distribution Service 3.0
RP1421: 27/01/2011 13:48:38 - System Checkpoint
RP1422: 28/01/2011 14:59:00 - System Checkpoint
RP1423: 29/01/2011 22:44:27 - System Checkpoint
RP1424: 31/01/2011 02:49:07 - System Checkpoint
RP1425: 01/02/2011 22:41:28 - System Checkpoint
RP1426: 03/02/2011 15:15:08 - System Checkpoint
RP1427: 04/02/2011 17:12:56 - System Checkpoint
.
==== Installed Programs ======================
.
.
A Better Mousetrap 1.0
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 3.0
Adobe Premiere Elements 1.0
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
Agere Systems PCI-SV92PP Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Audacity 1.2.6
AVG 2011
Bonjour
BufferChm
CameraDrivers
CameraUserGuides
Choice Guard
Clicker 5 English UK Standalone
Compatibility Pack for the 2007 Office system
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Creative MediaSource
Creative Removable Disk Manager
Creative System Information
Creative Zen MicroPhoto
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Dan Elwell's Broadband Speed Test
Demand Five Player
Destinations
DeviceManagementQFolder
DocProc
DocumentViewer
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.2.0603
Garmin POI Loader
Garmin StreetPilot c320 Europe
Garmin WebUpdater
GdiplusUpgrade
Gimp 2.6.1
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Document Viewer 6.1
HP DVD Play 2.1
HP Imaging Device Functions 7.0
hp instant support
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 6.0
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Product Detection
hp psc 1200 series
HP Solution Center and Imaging Support Tools 6.1
HP Update
hpiCamDrvQFolder
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
IKEA Home Planner
InstantShareDevices
Internet Services
iOrgSoft Video Converter 3.3.8
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LaCie Backup Software v1.5.2215
LightScribe 1.4.84.1
Linksys Wireless-N USB Network Adapter WUSB300N
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
Nikon Transfer
NVIDIA Drivers
OpenOffice.org 3.1
OptionalContentQFolder
PanoStandAlone
PC-Doctor 5 for Windows
PE Builder 3.1.10a
Pen Tablet
PhotoGallery
PowerCinema
Printer Status and Alerts Uninstaller
PS420
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
RealPlayer
Realtek High Definition Audio Driver
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sex and Relationship Education
Shop for HP Supplies
SkinsHP1
Sky Broadband
SlideShow
SlideShowMusic
SMART Board Software
SMART Board Software (English United Kingdom Language Pack)
SMART Essentials for Educators
SmartDraw 2010
Softi FreeOCR
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Super Flexible File Synchronizer v3.10
Sweet Home 3D version 2.2
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Uninstall Entriq MediaSphere
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WebReg
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Wisdom-soft Set up ScreenHunter 5.1 Free
WriteOnline
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
27/02/2011 10:29:39, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
27/02/2011 10:29:39, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/02/2011 20:07:41, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
26/02/2011 19:53:47, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
26/02/2011 19:53:17, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WUSB300NSvc service.
25/02/2011 21:04:26, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
25/02/2011 21:02:26, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
25/02/2011 21:00:56, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
25/02/2011 21:00:26, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/02/2011 09:36:31, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 0018F8A43941 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
11/02/2011 16:54:23, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 0018F8A43941 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/02/2011 15:24:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
04/02/2011 08:14:51, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
wealdstone
Active Member
 
Posts: 6
Joined: March 7th, 2011, 3:44 pm
Advertisement
Register to Remove

Re: Trojan Problems

Unread postby Bob4 » March 7th, 2011, 9:34 pm

Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
The process is not instant.
Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear.
So lets do this to the end!



  • Save and quit any work your doing before beginning the fix.
  • Follow the steps I describe in the order I asked if at all possible,
  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.
  • DO NOT install new programs while we are fixing this machine.
  • Be sure to use the subscribe button to receive notification by Email that you have been replied to.
    If I do not hear from you in 3 days from my last post this topic will be closed. You will need to start another.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!


NOTE to Vista and windows 7 users:
For any tool I ask you to run you will need to "right click on it and choose
"Run as Administrator"

_______________________________________
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.


___________________________________________
Uninstall Programs
Start/control panel/add remove programs ;
And Uninstall

Adobe Reader 7.1.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7


_________________________________________
Update Java Runtime

You are using an old and vunerable version of Java. The lateset is Java Runtime Environment (Java SE 6 Update 24).
  • Go to Java Site
  • Click to Download JDK 6 Update 24(JDK or JRE)
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u18-windows-i586.exe" and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

___________________________________
Adobe Acrobat Reader update

You are using an older vulnerable version of Adobe Acrobat Reader. Please go here
to download Adobe Acrobat Reader 10
NOTE: Be sure to uncheck include McAfee security be fore you download.

________________________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the file path,
copy and paste this file path in there.
c:\windows\system32\mbfuxytx.dll

Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.
You may receive a message stating "
"The file you uploaded is 0 bytes.
Just let me know if that is what you saw.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/


_____________________________________
Your AVG is out of date,

  • Uninstall AVG Anti Virus through add/remove programs
    Let's get you a Anti virus in place that's a bit better and free.
    I will list 2 free anti virus programs just choose 1.
    AVIRA
    or
    AVAST FREE



_________________________
In your next reply I would like to see:

  • The report from TDSS Killer
  • The report from Jottis
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Trojan Problems

Unread postby wealdstone » March 8th, 2011, 4:10 pm

Hi Bob4

Thanks for your help with this.

I've been working through your instructions with varying degrees of success.

The TDSSKiller log is below.

I've uninstalled the Adobe Reader and Java programs. The update for Java worked but I couldn't get Adobe ReaderX to install.

When the information bar said that the "Adobe DLM" add-on had to be installed, IE stopped responding when I clicked the message.

I tried the scan for c:\windows\system32\mbfuxytx.dll on Jotti but the file couldn't be found.

I've installed Avira.

Thanks again.


2011/02/05 07:41:01.0656 4744 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/02/05 07:41:02.0250 4744 ================================================================================
2011/02/05 07:41:02.0250 4744 SystemInfo:
2011/02/05 07:41:02.0250 4744
2011/02/05 07:41:02.0250 4744 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/05 07:41:02.0250 4744 Product type: Workstation
2011/02/05 07:41:02.0250 4744 ComputerName: RACHEL
2011/02/05 07:41:02.0250 4744 UserName: HP_Owner
2011/02/05 07:41:02.0250 4744 Windows directory: C:\WINDOWS
2011/02/05 07:41:02.0250 4744 System windows directory: C:\WINDOWS
2011/02/05 07:41:02.0250 4744 Processor architecture: Intel x86
2011/02/05 07:41:02.0250 4744 Number of processors: 2
2011/02/05 07:41:02.0250 4744 Page size: 0x1000
2011/02/05 07:41:02.0250 4744 Boot type: Normal boot
2011/02/05 07:41:02.0250 4744 ================================================================================
2011/02/05 07:41:02.0562 4744 Initialize success
2011/02/05 07:41:09.0453 5340 ================================================================================
2011/02/05 07:41:09.0453 5340 Scan started
2011/02/05 07:41:09.0453 5340 Mode: Manual;
2011/02/05 07:41:09.0453 5340 ================================================================================
2011/02/05 07:41:13.0343 5340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/05 07:41:13.0375 5340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/05 07:41:13.0453 5340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/05 07:41:13.0515 5340 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/05 07:41:13.0609 5340 AgereSoftModem (994a42d273c35b43ee9d1e8a5d8bc639) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/02/05 07:41:13.0843 5340 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/05 07:41:14.0015 5340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/05 07:41:14.0062 5340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/05 07:41:14.0125 5340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/05 07:41:14.0171 5340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/05 07:41:14.0234 5340 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/02/05 07:41:14.0296 5340 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/02/05 07:41:14.0343 5340 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/02/05 07:41:14.0375 5340 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/02/05 07:41:14.0437 5340 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/02/05 07:41:14.0468 5340 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/02/05 07:41:14.0531 5340 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/02/05 07:41:14.0578 5340 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/02/05 07:41:14.0640 5340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/05 07:41:14.0718 5340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/05 07:41:14.0765 5340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/05 07:41:14.0812 5340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/05 07:41:14.0859 5340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/05 07:41:15.0203 5340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/05 07:41:15.0281 5340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/05 07:41:15.0359 5340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/05 07:41:15.0406 5340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/05 07:41:15.0468 5340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/05 07:41:15.0562 5340 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/02/05 07:41:15.0593 5340 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/02/05 07:41:15.0625 5340 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/02/05 07:41:15.0703 5340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/05 07:41:15.0796 5340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/05 07:41:15.0859 5340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/05 07:41:15.0890 5340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/05 07:41:15.0921 5340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/02/05 07:41:15.0968 5340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/05 07:41:16.0015 5340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/05 07:41:16.0062 5340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/05 07:41:16.0140 5340 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/05 07:41:16.0171 5340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/05 07:41:16.0234 5340 grmnusb (46947a84ebf10593be0612949603e724) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/02/05 07:41:16.0312 5340 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/05 07:41:16.0375 5340 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/05 07:41:16.0468 5340 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/05 07:41:16.0531 5340 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/05 07:41:16.0562 5340 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/05 07:41:16.0625 5340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/05 07:41:16.0750 5340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/05 07:41:16.0828 5340 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/02/05 07:41:16.0921 5340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/05 07:41:17.0218 5340 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/05 07:41:17.0296 5340 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/05 07:41:17.0343 5340 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/05 07:41:17.0375 5340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/05 07:41:17.0437 5340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/05 07:41:17.0484 5340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/05 07:41:17.0531 5340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/05 07:41:17.0593 5340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/05 07:41:17.0640 5340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/05 07:41:17.0703 5340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/05 07:41:17.0765 5340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/05 07:41:17.0812 5340 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/05 07:41:17.0859 5340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/05 07:41:17.0906 5340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/05 07:41:18.0093 5340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/05 07:41:18.0140 5340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/05 07:41:18.0203 5340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/05 07:41:18.0234 5340 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/05 07:41:18.0328 5340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/05 07:41:18.0484 5340 MRVW245 (1e68eebb627f31409c9eeedc64924b29) C:\WINDOWS\system32\DRIVERS\MRVW245.sys
2011/02/05 07:41:18.0593 5340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/05 07:41:18.0656 5340 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/05 07:41:18.0734 5340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/05 07:41:18.0796 5340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/05 07:41:18.0843 5340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/05 07:41:18.0875 5340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/05 07:41:18.0906 5340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/05 07:41:18.0937 5340 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/05 07:41:19.0015 5340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/05 07:41:19.0312 5340 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/05 07:41:19.0343 5340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/05 07:41:19.0390 5340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/05 07:41:19.0421 5340 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/05 07:41:19.0500 5340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/05 07:41:19.0546 5340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/05 07:41:19.0656 5340 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/05 07:41:19.0703 5340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/05 07:41:19.0750 5340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/05 07:41:19.0828 5340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/05 07:41:20.0031 5340 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/05 07:41:20.0187 5340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/05 07:41:20.0250 5340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/05 07:41:20.0312 5340 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/05 07:41:20.0390 5340 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/05 07:41:20.0421 5340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/05 07:41:20.0453 5340 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/05 07:41:20.0484 5340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/05 07:41:20.0562 5340 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/05 07:41:20.0609 5340 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/05 07:41:20.0906 5340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/05 07:41:20.0953 5340 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/02/05 07:41:21.0000 5340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/05 07:41:21.0046 5340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/05 07:41:21.0109 5340 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/05 07:41:21.0312 5340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/05 07:41:21.0359 5340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/05 07:41:21.0406 5340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/05 07:41:21.0437 5340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/05 07:41:21.0484 5340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/05 07:41:21.0531 5340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/05 07:41:21.0578 5340 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/05 07:41:21.0640 5340 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/05 07:41:21.0750 5340 RTL8023xp (7988bfe882bcd94199225b5c3482f1bd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/02/05 07:41:21.0796 5340 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/02/05 07:41:21.0859 5340 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/02/05 07:41:21.0937 5340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/05 07:41:22.0015 5340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/02/05 07:41:22.0109 5340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/05 07:41:22.0250 5340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/05 07:41:22.0312 5340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/05 07:41:22.0375 5340 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/05 07:41:22.0437 5340 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/02/05 07:41:22.0484 5340 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/02/05 07:41:22.0562 5340 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/02/05 07:41:22.0640 5340 ss_bus (bd15182e9d2d3fabc1d1313badbd2415) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
2011/02/05 07:41:22.0703 5340 ss_mdfl (67d1144f249a3c5e03ebd7a2304dee11) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
2011/02/05 07:41:22.0750 5340 ss_mdm (954b7ce2d54c703d6a8471d6b05a5e13) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
2011/02/05 07:41:22.0796 5340 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/02/05 07:41:22.0875 5340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/05 07:41:22.0906 5340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/05 07:41:23.0109 5340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/05 07:41:23.0203 5340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/05 07:41:23.0250 5340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/05 07:41:23.0296 5340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/05 07:41:23.0343 5340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/05 07:41:23.0468 5340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/05 07:41:23.0531 5340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/05 07:41:23.0625 5340 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/05 07:41:23.0703 5340 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/05 07:41:23.0765 5340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/05 07:41:23.0843 5340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/05 07:41:23.0875 5340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/05 07:41:23.0921 5340 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/05 07:41:23.0984 5340 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/05 07:41:24.0015 5340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/05 07:41:24.0062 5340 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/05 07:41:24.0093 5340 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/05 07:41:24.0125 5340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/05 07:41:24.0171 5340 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/05 07:41:24.0218 5340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/05 07:41:24.0312 5340 wacmoumonitor (85f2115fea646693c195c101e15f5667) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
2011/02/05 07:41:24.0359 5340 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2011/02/05 07:41:24.0390 5340 wacomvhid (a45bc72e1bbf4286a58ef9b894871394) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2011/02/05 07:41:24.0437 5340 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
2011/02/05 07:41:24.0484 5340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/05 07:41:24.0562 5340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/05 07:41:24.0765 5340 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/02/05 07:41:24.0828 5340 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/02/05 07:41:24.0890 5340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/05 07:41:24.0953 5340 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
2011/02/05 07:41:25.0125 5340 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/05 07:41:25.0125 5340 ================================================================================
2011/02/05 07:41:25.0125 5340 Scan finished
2011/02/05 07:41:25.0125 5340 ================================================================================
2011/02/05 07:41:25.0156 5276 Detected object count: 1
2011/02/05 07:41:54.0218 5276 \HardDisk0 - will be cured after reboot
2011/02/05 07:41:54.0218 5276 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/05 07:42:02.0859 4832 Deinitialize success
wealdstone
Active Member
 
Posts: 6
Joined: March 7th, 2011, 3:44 pm

Re: Trojan Problems

Unread postby Bob4 » March 8th, 2011, 7:35 pm

Your more than welcome for the help.
Good job so far.
Looks like Tdss killer found what I new it would. That should have helped with the redirects.


_________________________________________
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.

__________________________________
Let's get a different reader in place.
Foxit reader does the same as adode.
Go to this link
http://www.foxitsoftware.com/pdf/reader/addons.php
Choose
Download Foxit Reader - Free 4.3 for Windows (.exe)

Download and run that program to install it.


______________________________________________
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the contents of that log.

If you accidentally close it you may find it here.
Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs


________________________________________
OTL
Please download OTL© by OldTimer and save it to your desktop. Click here.
  • Double click on OTL.exe to run it.
  • Make sure all the Use SafeList options are checked (ticked). There are five of them.
  • Check Scan All Users.
  • At the lower right corner, check LOP Check and Purity Check.
  • Click on Run Scan at the top left hand corner. This might take a while.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.
    Note: These files are saved as OTL.txt and Extras.txt on the desktop.


_________________________
In your next reply I would like to see:

  • The report from OTL
  • The report from Malwarebytes
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Trojan Problems

Unread postby wealdstone » March 9th, 2011, 11:32 am

A bit more success this time. I think I got all the tasks completed.

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5996

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/02/2011 08:56:50
mbam-log-2011-03-09 (08-56-50).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 371980
Time elapsed: 1 hour(s), 36 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL logfile created on: 09/03/2011 15:22:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 273.43 Gb Total Space | 201.71 Gb Free Space | 73.77% Space Free | Partition Type: NTFS
Drive D: | 6.01 Gb Total Space | 0.54 Gb Free Space | 9.03% Space Free | Partition Type: FAT32

Computer Name: RACHEL | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/09 15:21:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/08/24 09:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 09:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/23 07:00:41 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/23 05:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/05/21 10:32:22 | 000,368,640 | ---- | M] (Entriq, Inc.) -- C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
PRC - [2008/05/21 10:29:30 | 001,404,928 | ---- | M] (Entriq, Inc.) -- C:\Program Files\Entriq\MediaSphere\3.8.2.9\EntriqMediaServer.exe
PRC - [2008/05/01 22:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/05/01 22:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 11:39:08 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2006/11/24 05:04:44 | 001,003,520 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files\SMART Board Software\SMARTBoardService.exe
PRC - [2006/10/30 19:44:02 | 001,128,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/10/19 06:52:14 | 005,286,912 | ---- | M] (Linksys) -- C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
PRC - [2006/02/24 18:47:02 | 000,114,784 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006/02/24 18:47:00 | 000,266,338 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2006/02/24 18:46:34 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerCinema\PCMService.exe
PRC - [2006/02/24 18:46:20 | 001,073,152 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/07/25 09:05:44 | 001,896,448 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2005/07/04 15:46:04 | 000,053,307 | ---- | M] () -- C:\Program Files\Linksys\WUSB300N\WLService.exe
PRC - [2004/12/02 17:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/10/04 03:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 02:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2003/04/09 18:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/09 18:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 17:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 17:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/03/10 10:32:32 | 000,118,784 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpstatus.exe
PRC - [2003/03/10 10:31:34 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpbhksrv.exe
PRC - [2003/03/10 10:30:56 | 000,106,496 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpbjdsnt.exe
PRC - [2003/03/10 10:30:28 | 000,057,344 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpb2ksrv.exe
PRC - [2003/03/10 10:26:28 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\hpbspsvr.exe


========== Modules (SafeList) ==========

MOD - [2011/03/09 15:21:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 17:39:26 | 000,689,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp3res.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB300NSvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/24 09:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/05/01 22:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/04/09 11:39:08 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/08/09 07:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/24 05:04:44 | 001,003,520 | ---- | M] (SMART Technologies Inc.) [Auto | Running] -- C:\Program Files\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2006/10/30 19:44:02 | 001,128,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/02/24 18:47:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/02/24 18:47:00 | 000,266,338 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/02/24 18:46:20 | 001,073,152 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2004/10/04 03:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 02:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2003/03/10 10:31:34 | 000,053,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\hpbhksrv.exe -- (HP Status Print)
SRV - [2003/03/10 10:30:28 | 000,057,344 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\hpb2ksrv.exe -- (HP Status)


========== Driver Services (SafeList) ==========

DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/03/17 20:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/01/15 20:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/02/16 19:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 00:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/09/28 23:57:04 | 000,489,216 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/03/08 13:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/25 16:24:30 | 001,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/01/18 18:41:58 | 000,080,512 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/22 12:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 12:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 12:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/cust ... _side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2


[2009/10/19 18:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions
[2009/10/19 18:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/11/03 19:02:18 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll (SMART Technologies Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\Toolbar\WebBrowser: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [five Media Manager Tray] C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe (Entriq, Inc.)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HP Status] C:\WINDOWS\system32\hpstatus.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPBootOp] File not found
O4 - HKLM..\Run: [HPHUPD08] File not found
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008..\Run: [Spyware Doctor] C:\Documents and Settings\HP_Owner\Desktop\sdsetup[1].exe ()
O4 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/gb/Core/ ... _Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdat ... /opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4DAE4123-E35E-4DE2-8EF8-1FFF72E1E469} http://content.lgfl.org.uk/secure/multe ... /axpmt.cab (AXPMT Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://benjaminlynch.spaces.live.com//P ... nPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 9720264921 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.gamehouse.com/games/tumblebugs/axhost.cab (WildfireActiveXHost Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} http://help.broadbandassist.com/prequal ... reQual.cab (PreQualifier Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 16:32:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{66df84ef-428a-11db-a0f8-0016eca34a95}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{cd7a6e8a-bcdb-11de-a7c6-0018f8a43941}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe
O33 - MountPoints2\{ebd98a64-7719-11dc-a349-0016eca34a95}\Shell - "" = AutoRun
O33 - MountPoints2\{ebd98a64-7719-11dc-a349-0016eca34a95}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ebd98a64-7719-11dc-a349-0016eca34a95}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/09 15:21:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/02/26 20:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/26 20:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/02/26 09:39:01 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2011/02/07 19:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/07 19:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/07 19:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2011/03/09 15:21:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTL.exe
[2011/02/21 15:24:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/17 16:02:00 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/02/17 15:47:04 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Clicker 5.lnk
[2011/02/10 15:23:24 | 000,416,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 15:06:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/07 19:48:55 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/02/26 20:18:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/17 15:54:12 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/02/17 15:47:04 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Shortcut to Clicker 5.lnk
[2011/02/07 19:48:55 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/06 10:35:44 | 000,091,668 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/15 17:17:21 | 000,000,382 | ---- | C] () -- C:\WINDOWS\MVPHEART.INI
[2009/03/04 14:26:57 | 000,000,023 | ---- | C] () -- C:\WINDOWS\hpjmonsv.ini
[2009/03/03 20:16:35 | 000,002,473 | ---- | C] () -- C:\WINDOWS\hpstatus.ini
[2009/03/03 20:16:29 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\jfwapi.dll
[2009/02/13 15:47:54 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/02/13 15:47:32 | 000,000,860 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/12/04 22:46:06 | 000,019,562 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2008/12/04 22:46:06 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2008/11/29 18:07:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/11/29 17:56:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/11/23 13:18:20 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Organs
[2008/11/23 13:18:20 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\Nature Sounds
[2008/11/23 13:18:20 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/04/27 19:28:44 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2008/04/09 22:15:35 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/02 20:36:19 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/07/19 09:46:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2007/02/18 20:59:12 | 000,000,112 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/20 16:43:43 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/11/21 14:45:15 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/10/30 19:40:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/10/30 19:33:31 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/10/02 09:13:09 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\fusioncache.dat
[2006/08/27 19:53:28 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/08/27 19:04:02 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/27 10:44:31 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/08/26 20:47:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/26 19:04:03 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
[2006/08/26 18:35:04 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/11 09:39:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/07/11 09:38:48 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/07/11 03:52:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/11 03:32:08 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/07/11 03:28:47 | 000,013,561 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/07/11 03:28:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/07/11 03:23:48 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2006/07/11 03:21:05 | 000,000,102 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/11 03:16:38 | 000,080,516 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2006/07/11 03:16:38 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2006/07/11 03:15:32 | 000,090,686 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/07/11 03:15:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/07/11 03:06:33 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/07/11 03:05:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/07/11 03:02:56 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/11 03:02:56 | 001,622,016 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/11 03:02:56 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/11 03:02:56 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/11 03:02:56 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/11 03:02:56 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/11 03:02:55 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/11 03:02:55 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/11 02:49:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/11 02:46:14 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/07/11 02:46:14 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/07/11 02:45:52 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/03/17 17:23:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/12/05 16:49:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/12/05 16:36:34 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/12/05 16:36:34 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/12/05 16:34:46 | 000,416,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/05 16:31:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/12/05 16:30:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/09/01 06:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2004/09/01 06:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2004/09/01 06:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2004/09/01 06:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPeg32.dll
[2004/09/01 06:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiEResNT.dll
[2004/09/01 06:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Bic_Res.dll
[2004/09/01 06:42:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\BiEAppNT.exe
[2004/09/01 06:42:44 | 000,000,071 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2004/08/04 04:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 04:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 04:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/06/24 12:10:06 | 000,000,567 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/07/17 15:16:52 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.DLL
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 15:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 15:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 14:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2011/02/05 19:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/15 18:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/11/23 13:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clips
[2010/10/15 19:22:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/11/23 13:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/08/06 09:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Entriq
[2010/08/06 09:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/10/15 18:35:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/23 13:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2007/01/14 19:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies Inc
[2011/02/04 19:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/19 18:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/11/23 13:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/08/06 07:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/03/16 23:15:13 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1228431091.job
[2011/02/06 15:01:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/02/06 07:13:04 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 09/03/2011 15:22:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 273.43 Gb Total Space | 201.71 Gb Free Space | 73.77% Space Free | Partition Type: NTFS
Drive D: | 6.01 Gb Total Space | 0.54 Gb Free Space | 9.03% Space Free | Partition Type: FAT32

Computer Name: RACHEL | User Name: HP_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerCinema\PCMService.exe" = C:\Program Files\CyberLink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\WINDOWS\system32\hpbspsvr.exe" = C:\WINDOWS\system32\hpbspsvr.exe:*:Enabled:HP SocketPing Server -- (Hewlett-Packard Company)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- ()
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08E4AE58-748D-4983-9B8A-495E2341769F}" = Garmin POI Loader
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{1341D838-719C-4A05-B50F-49420CA1B4BB}" = HP Boot Optimizer
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{182F1920-B05F-4A50-B1CE-D82D9F91433C}" = Clicker 5 English UK Standalone
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AEC8F41-4701-415D-9782-F69CFB535463}" = Creative Zen MicroPhoto
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20840154-87E6-4134-90F2-4D5708FA2624}" = Sex and Relationship Education
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = Garmin WebUpdater
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352F5013-07DC-446D-8DB6-38F339086C60}" = LightScribe 1.4.84.1
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.1
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{4D918BF6-9C9A-4FF4-A188-54DAD933C286}" = SMART Board Software (English United Kingdom Language Pack)
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"{5D61626A-BD55-4e42-82EE-4AE89D8FD050}" = HP Photosmart Cameras 6.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{6A118C80-B382-41c0-8907-CDD0BF5EFE6E}" = CameraDrivers
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6CCDF4E6-D2AE-4DD8-80FD-F9AFF951AEAE}" = Adobe Premiere Elements 1.0
"{6DD9963C-271A-4A14-82B0-4DC148C52E58}" = LaCie Backup Software v1.5.2215
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{82081779-4175-4666-A457-AB711CD37EF0}" = cp_LightScribeConfig
"{829DAAD6-BB11-4BB7-921B-07FFB703F944}" = CP_Package_Variety3
"{82E55892-6FFD-403F-AA97-D726846768AA}" = CP_AtenaShokunin1Config
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{866A0078-DEA7-4348-9C9A-999AF2991EAA}" = SlideShowMusic
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A534F71-3202-4464-A422-B767295E67B9}" = CP_Package_Variety2
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8DFD3DDA-6127-413a-83E7-5E03F17F2275}" = PS420
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{93E5A317-24EC-4744-812C-16FECFE86E6A}" = CP_Package_Variety1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{996EC44B-38E1-4898-8E47-3EE3D15F2712}" = Garmin WebUpdater
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A41A96D2-A069-4678-BDAF-2AACED576ABD}" = SMART Essentials for Educators
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABBACAD2-4DAF-490E-932B-E330B33FCF98}" = Softi FreeOCR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B72EB184-2A42-4B3C-8F8F-D7EF163829B4}" = SMART Board Software
"{B820CB04-D21E-48A4-A110-1A783A86EAA3}" = Garmin StreetPilot c320 Europe
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9DD2DE0-27BE-4e6b-AAD8-0D960ABF87FD}" = CameraUserGuides
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C3FAA091-B278-44A7-BF48-190811C5F9F7}" = cp_UpdateProjectsConfig
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DCD3471D-4DDA-4DC2-8B9F-A662D0C362AC}" = Linksys Wireless-N USB Network Adapter WUSB300N
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E3A93D47-E0AA-4A1C-B5D3-27AF26EABF47}_is1" = A Better Mousetrap 1.0
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Dan Elwell's Broadband Speed Test_is1" = Dan Elwell's Broadband Speed Test
"Demand Five Player_is1" = Demand Five Player
"Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 5.2.0603
"Foxit Reader" = Foxit Reader
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"hp instant support" = hp instant support
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755}" = Internet Services
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"iOrgSoft Video Converter" = iOrgSoft Video Converter 3.3.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PE Builder_is1" = PE Builder 3.1.10a
"Pen Tablet Driver" = Pen Tablet
"PremElem10" = Adobe Premiere Elements 1.0
"Printer Status and Alerts Uninstaller" = Printer Status and Alerts Uninstaller
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 12.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shop for HP Supplies" = Shop for HP Supplies
"Super Flexible File Synchronizer_is1" = Super Flexible File Synchronizer v3.10
"Sweet Home 3D_is1" = Sweet Home 3D version 2.2
"SysInfo" = Creative System Information
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = Gimp 2.6.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3880268453-770641428-2631199293-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SmartDraw 2010" = SmartDraw 2010
"WriteOnline" = WriteOnline
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/02/2011 03:40:57 | Computer Name = RACHEL | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 05/02/2011 15:23:12 | Computer Name = RACHEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/02/2011 15:26:20 | Computer Name = RACHEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/02/2011 15:36:54 | Computer Name = RACHEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/02/2011 15:38:56 | Computer Name = RACHEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/02/2011 15:47:54 | Computer Name = RACHEL | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/02/2011 15:47:57 | Computer Name = RACHEL | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 06/02/2011 08:08:02 | Computer Name = RACHEL | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 1800 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

Error - 06/02/2011 08:08:02 | Computer Name = RACHEL | Source = COM+ | ID = 135763
Description = The run-time environment was unable to initialize for transactions
required to support transactional components. Make sure that MS-DTC is running.
(DtcGetTransactionManagerEx(): hr = 0x8004d02

Error - 06/02/2011 09:22:00 | Computer Name = RACHEL | Source = MSDTC Client | ID = 4427
Description = Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215,
Pid: 1800 No Callstack, CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC7923

[ System Events ]
Error - 06/02/2011 03:01:12 | Computer Name = RACHEL | Source = Service Control Manager | ID = 7034
Description = The KService service terminated unexpectedly. It has done this 1
time(s).

Error - 06/02/2011 03:01:12 | Computer Name = RACHEL | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 06/02/2011 03:01:12 | Computer Name = RACHEL | Source = Service Control Manager | ID = 7034
Description = The Photoshop Elements Device Connect service terminated unexpectedly.
It has done this 1 time(s).

Error - 06/02/2011 03:01:12 | Computer Name = RACHEL | Source = Service Control Manager | ID = 7034
Description = The SMART Board Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 06/02/2011 03:01:12 | Computer Name = RACHEL | Source = Service Control Manager | ID = 7034
Description = The TabletServicePen service terminated unexpectedly. It has done
this 1 time(s).

Error - 06/02/2011 03:01:12 | Computer Name = RACHEL | Source = Service Control Manager | ID = 7034
Description = The TomTomHOMEService service terminated unexpectedly. It has done
this 1 time(s).

Error - 06/02/2011 03:01:12 | Computer Name = RACHEL | Source = Service Control Manager | ID = 7031
Description = The WUSB300NSvc service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 06/02/2011 03:01:13 | Computer Name = RACHEL | Source = Service Control Manager | ID = 7034
Description = The CyberLink Task Scheduler (CTS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 06/02/2011 03:01:13 | Computer Name = RACHEL | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 06/02/2011 03:12:35 | Computer Name = RACHEL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2


< End of report >
wealdstone
Active Member
 
Posts: 6
Joined: March 7th, 2011, 3:44 pm

Re: Trojan Problems

Unread postby Bob4 » March 10th, 2011, 7:34 am

  • Please go here and download ERUNT.
  • Double-click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe


__________________________
Custom fix with OTL
  • Click on OTL it to open
  • Click on the word noneon top. I will change to standard
  • Copy the text below in the code box into the custon scan box on the bottom.
    ( DO NOT COPY THE WORD CODE)
Code: Select all
OTL:
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/cust ... _side.html
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HPBootOp] File not found
O4 - HKLM..\Run: [HPHUPD08] File not found
O4 - HKLM..\Run: [PCDrProfiler] File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found

:Commands 
[emptytemp] 

Now click on Run Fix
When it's done post the file that opens for me.

_______________________________________
  • Open the ESET Online Scanner in Internet Explorer

    [NOTE: FIREFOX USERS will be presented with an additional download please follow the prompts and allow it to download and install it.
  • Then uncheck remove unwanted threats
  • place a check by scan archives.

    With internet explorer
  • Check the box next to YES, I accept the Terms of Use. and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • When the Computer scan screen appears, leave un-check remove found threats UNcheck but check the box next to Scan unwanted applications.
  • Under advanced settings check scan for potentially unwanted applications
  • Under advanced settings check scan for potentially unsafe applications
  • Enable Anti-stealth technologies.
  • Once the ActiveX has finished loading click Start to initialize and update the scanner
  • Once complete and the summary page appears, press windows Start, copy/paste the following command into the search box and press Enter:
    C:\Program Files\ESET\ESET Online Scanner\log.txt
  • The log file should now appear in Notepad, copy and paste the contents in your next response.


_________________________
In your next reply I would like to see:
  • The report from OTL
  • The report from Nod32 online
  • The report from How do things seem to be running?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Trojan Problems

Unread postby wealdstone » March 10th, 2011, 11:50 am

Only partial success again with this one.

The ERUNT and OTL insructions worked and the file is pasted below.

On the ESET site, IE stopped respopnding when I tried to allow the ActiveX control. This happened before when I tried updating Adobe reader.



All processes killed
Error: Unable to interpret <OTL:> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/cust ... _side.html> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HPBootOp] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [HPHUPD08] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [PCDrProfiler] File not found> in the current context!
Error: Unable to interpret <O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP_Owner
->Temp folder emptied: 3374177 bytes
->Temporary Internet Files folder emptied: 72216205 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 655 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1493 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 512992 bytes

Total Files Cleaned = 73.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03102011_153040

Files\Folders moved on Reboot...
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\848MU180\viewtopic[1].htm moved successfully.
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
wealdstone
Active Member
 
Posts: 6
Joined: March 7th, 2011, 3:44 pm

Re: Trojan Problems

Unread postby Bob4 » March 10th, 2011, 9:46 pm

My apologies. We need to run OTL one more time.

__________________________
Custom fix with OTL
  • Click on OTL it to open
  • Click on the word noneon top. I will change to standard
  • Copy the text below in the code box into the custon scan box on the bottom.
    ( DO NOT COPY THE WORD CODE)
Code: Select all
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/cust ... _side.html
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-3880268453-770641428-2631199293-1008\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HPBootOp] File not found
O4 - HKLM..\Run: [HPHUPD08] File not found
O4 - HKLM..\Run: [PCDrProfiler] File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found

Now click on Run Fix
When it's done post the file that opens for me.


____________________________________
Let's see if active X controls are enabled in Internet explorer.

Enable ActiveX in Internet Explorer
.
  • From the Tools menu, select Internet Options.
  • Click the Security tab.
  • Internet Options Security tab
    Internet should be highlighted.
  • Click Custom Level.
    The Security Settings - Internet Zone dialog box appears.
  • Scroll down to the options below Internet ActiveX Controls and Plugins and enable the following:
  • Run ActiveX Controls and Plugins
  • Script ActiveX Controls Marked Safe for Scripting
  • Click OK to save your settings and exit the Internet ActiveX Controls and Plugins dialog box.

Now try Nod32 again. If you still have problems with Internet explorer try using Firefox.

_______________________________________
  • Open the ESET Online Scanner in Internet Explorer

    [NOTE: FIREFOX USERS will be presented with an additional download please follow the prompts and allow it to download and install it.
  • Then uncheck remove unwanted threats
  • place a check by scan archives.

    With internet explorer
  • Check the box next to YES, I accept the Terms of Use. and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • When the Computer scan screen appears, leave un-check remove found threats UNcheck but check the box next to Scan unwanted applications.
  • Under advanced settings check scan for potentially unwanted applications
  • Under advanced settings check scan for potentially unsafe applications
  • Enable Anti-stealth technologies.
  • Once the ActiveX has finished loading click Start to initialize and update the scanner
  • Once complete and the summary page appears, press windows Start, copy/paste the following command into the search box and press Enter:
    C:\Program Files\ESET\ESET Online Scanner\log.txt
  • The log file should now appear in Notepad, copy and paste the contents in your next response.




_________________________
In your next reply I would like to see:
  • The report from OTL
  • The report from Nod32 online
  • How do things seem to be running?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Trojan Problems

Unread postby wealdstone » March 11th, 2011, 7:39 pm

Everything seems to be running well. No redirects or notifications of suspect files.

Here are the two reports:

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3880268453-770641428-2631199293-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3880268453-770641428-2631199293-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
HKU\S-1-5-21-3880268453-770641428-2631199293-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3880268453-770641428-2631199293-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-3880268453-770641428-2631199293-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HPBootOp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HPHUPD08 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08E730A4-FB02-45BD-A900-01E4AD8016F6}\ not found.

OTL by OldTimer - Version 3.2.22.3 log created on 03112011_162410


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=77ce5745328c7744a20c711007c87f96
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-11 08:37:13
# local_time=2011-03-11 08:37:13 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 12693776 12693776 0 0
# compatibility_mode=1797 16775125 100 93 2890105 36394796 174776 0
# compatibility_mode=8192 67108863 100 0 4128 4128 0 0
# scanned=201524
# found=0
# cleaned=0
# scan_time=13988
wealdstone
Active Member
 
Posts: 6
Joined: March 7th, 2011, 3:44 pm

Re: Trojan Problems

Unread postby Bob4 » March 12th, 2011, 4:40 am

:D Nice work. Your system seems to be clean again.
Just a few things to clean up some of what we used and a few preventative tips.



_____________________________
This process is going to clean up some of the tools we have used.
Open OTL.exe click on the cleanup button. You will be asked to reboot.
Please do so now to clean up some tools.

___________________________________
Create a clean System Restore Point:
The reason for doing this is in case you need system restore you don't put back all we just took out.
  • Click start/all programs /accessories/system tools/system restore
  • Place a check mark by turn off system restore
  • Windows will give you a warning click yes
  • Click APPLY
  • REBOOT the computer
  • Once rebooted go right back to the same place and place a check mark by system restore
  • Click APPLY and OK



______________________________________
Windows Updates
Be certain automatic updates are turned on
XP.
This will ensure your computer has always the latest security updates available installed on your computer.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical/important updates.
I know rebooting sometimes can be at an inconvenient time. Postpone it till later. This will still take less time than we needed to fix your machine. ;-)


_________________________________
Replace your host file
What this does... A host file is a list of known bad sites.
When you click or type in a link the host file is checked first.
If that link you typed or clicked is in the host file your browser will redirect you to http://127.0.0.1 .
A page on your computer. Go ahead and click that. Then use the back button to come back.

Download HostsXpert v4.1 and unzip it to your desktop.
  • Double click on HostsXpert.exe
  • Click on Make writeable. (if Available) You should now see Make Readable.
  • Then click on Download<< MVPs Hosts << Replace. If your firewall asks allow it.
    Once it's done.
  • Click on Make Hosts Read Only to secure it against further infection.

______________________________________
  • Disable DNS Client Service. This is necessary when installing a large HOSTS file.
    From Start, or Start, Run
    Type services.msc in the box and hit <Enter>
    Give permission to continue if necessary.
    Scroll down to DNS Client on the list, Right Click it and choose Properties.
    Under Service Status, click Stop. Wait until it reports the service stopped.
    Under Startup Type, choose Disabled.
    Then click Apply, OK


    _______________________________________
    Firewalls
    I see no evidence of a fire wall. I suggest you get one in place now.
    A few words on Microsoft firewall in XP . It only works in one direction. Incoming.
    That means if something gets by it you would never know it was trying
    to contact the internet.
    Example: A bad program installs itself. You would never know it was contacting the internet.
    Downloading other nasties and so forth.
    If you decide to run one of these you should be certain Microsofts firewall is disabled.
    1. Click Start, click Run, type Firewall.cpl, and then click OK.
    2. On the General tab, click Off (not recommended).
    3. Click OK.
    I will list a few free firewalls for you. These are good (free) firewalls:
    Never run 2 firewalls together. They will interfere with each other.
    So just download and install one![Please note that trial pay is not needed to get any product for free.]
Some software vendors are now using TrialPay service to offer their software, service or subscription for free. Please do NOT sign-up for TrialPay account unless you want to buy or try a product or any item in TrialPay.

IF ever you arrived on such page (sample below) because you want to download the free software, just click "Continue To Download", do NOT enter your email address and Full name if you DO NOT plan to buy or try anything in TrialPay.

IF you want to buy the vendor's software or subscription, please check their website for OTHER OPTION (not the trialpay method) unless you really want to use TrialPay to buy another item.



_______________________________________
Always watch closely to any software your installing.
If they want to install something more than their program stop right there and investigate what it is they want to place on your computer.
If they give you the option not to install it choose that until you investigate it completely.
The more you install that you don't want or need the more you'll wish you didn't.



Here's a good read, if you care to, on...So how did you get infected in the first place ?



Safe and Happy Surfing. :)
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Trojan Problems

Unread postby wealdstone » March 13th, 2011, 8:10 am

Thanks very much for your, expertise and patience in dealing with this problem.
wealdstone
Active Member
 
Posts: 6
Joined: March 7th, 2011, 3:44 pm

Re: Trojan Problems

Unread postby Cypher » March 13th, 2011, 8:37 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 24 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware